Jump to content

Free help from tech experts
Welcome to Geeks to Go forums. Create an account now to gain access to all our features. Once registered and logged in, you will be able to create topics, post replies to existing topics, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. Best of all, registration and all assistance is 100% free! This message, and all ads will be removed once you have signed in.
Sign In Create Account

pc will not boot in safe mode and doing strange things [RESOLVED]


  • This topic is locked This topic is locked

#1
shannianni

shannianni

    Member

  • Member
  • PipPipPip
  • 922 posts
Hi everyone

sorry i had to redo the log as it looked funny, My brother says his PC is doing strange things, pop ups, and it wont let him boot in safe mode as well as crashing every now and again,

Here is his log

Logfile of HijackThis v1.99.1
Scan saved at 19:17:06, on 05/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\Mixer.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\windows\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\windows\system32\svchost.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://broadband.blueyonder.co.uk/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.co...laxoInstall.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/d...SISTransfer.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {4169B5A0-9048-11D6-BDFF-00C0F024AF20} (ActiveXTester.TesterControl) - http://www.jasons-to...tiveXTester.ocx
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/s...an/pestscan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121753577718
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1179667836968
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us...nfo/webscan.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup160.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: COSIDS_TB - TransAction Software, D 81737 Munich - C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: gearsec - Unknown owner - C:\WINDOWS\System32\gearsec.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe





Many Thanks

Shannianni

Edited by shannianni, 05 July 2007 - 12:31 PM.

  • 0

Similar Topics: pc will not boot in safe mode and doing strange things [RESOLVED]     x


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello shannianni, I am just looking over your log and will get back to you soon.
  • 0

#3
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello shannianni, my name is Rorschach and I'll be helping you with your problems.



Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow the Deckard's System Scanner to run and don't let your Antivirus delete it. (In this case, it may be better to temporary disable your Antivirus)



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
So in your next reply please post the DSS texts and the Kaspersky Webscanner report.

Edited by Rorschach112, 10 July 2007 - 03:15 PM.

  • 0

#4
shannianni

shannianni

    Member

  • Member
  • PipPipPip
  • 922 posts
Sorry its taken time but heres the main txt & extra txt plus tha kaspersky virus log, 4 found please if you can help. :whistling:

Deckard's System Scanner v20070708.52
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 3200+
Percentage of Memory in Use: 25%
Physical Memory (total/avail): 1535.49 MiB / 1142.91 MiB
Pagefile Memory (total/avail): 3434.78 MiB / 3210.31 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1975.23 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 114.49 GiB total, 36.55 GiB free.
D: is Fixed (NTFS) - 114.49 GiB total, 9.73 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)
L: is Removable (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is disabled.
AUState says computer is ready and waiting.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.

AV: AVG 7.5.476 v7.5.476 (GRISOFT)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.exe:LocalSubNet:Enabled:Pmc.exe"
"C:\\Program Files\\Pinnacle\\MediaCenter\\PSST.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PSST.exe:LocalSubNet:Enabled:PSST.exe"
"C:\\Program Files\\Pinnacle\\MediaCenter\\PMSInstallInit.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe"
"C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.Tvtv.Wizard.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.Tvtv.Wizard.exe:LocalSubNet:Enabled:PMC.Tvtv.Wizard.exe"
"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaCenterService\\PMC.Service.Main.exe"="C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaCenterService\\PMC.Service.Main.exe:LocalSubNet:Disabled:PMCService"
"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza Ultimate File Sharing"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\kevin\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KEVIN-9OVL8YAP2
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\kevin
LOGONSERVER=\\KEVIN-9OVL8YAP2
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Executive Software\Diskeeper\;C:\Program Files\Common Files\iZotope\Runtimes;C:\Program Files\Common Files\Adobe\AGL;C:\PROGRA~1\COSIDS;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
PS5ROOT=C:\Program Files\Roxio\Easy CD Creator 6\PhotoSuite\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\kevin\LOCALS~1\Temp
TMP=C:\DOCUME~1\kevin\LOCALS~1\Temp
USERDOMAIN=KEVIN-9OVL8YAP2
USERNAME=kevin
USERPROFILE=C:\Documents and Settings\kevin
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

kevin (admin)
Administrator.KEVIN-9OVL8YAP2 (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\BLUEYO~1\Uninstall.exe blueyonder
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Prophet RADEON Series --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Abacast Client --> C:\PROGRA~1\Abacast\UNWISE.EXE C:\PROGRA~1\Abacast\client.LOG
Acoustica Effects Pack --> C:\PROGRA~1\UNWISE.EXE C:\PROGRA~1\INSTALL.LOG
Acoustica Mixcraft --> C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
Ad-Aware SE Professional --> C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Antares Filter VST DX v1.01 --> C:\PROGRA~1\Antares\UNINST~1\UNWISE.EXE C:\PROGRA~1\Antares\UNINST~1\INSTALL.LOG
ANWIDA Soft DX Reverb 1.1 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ANWIDA Soft\DX Reverb 1.1\Uninst.isu"
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
Audio Conversion Wizard 1.4 --> "C:\Program Files\LitexMedia\Audio Conversion Wizard\unins000.exe"
Audio WASP --> MsiExec.exe /I{B3A454E9-BA17-4F67-A638-13584380BA1F}
AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Belkin Bluetooth Software --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
blueyonder Instant Support Tool --> C:\WINDOWS\Motive\blueyonder\MCCUninst.exe
Cakewalk VST Adapter 4.4.4.0 --> C:\PROGRA~1\Cakewalk\CAKEWA~1\UNWISE.EXE C:\PROGRA~1\Cakewalk\CAKEWA~1\INSTALL.LOG
CDRWIN 5 --> MsiExec.exe /I{9B2B0EAD-2CC7-4589-B3AA-D23BAB724065}
CloneCD --> "C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
CloneDVD2 --> "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Codec Pack - All In 1 6.0.1.8 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
Cool Edit Pro 2.1 --> C:\Program Files\coolpro2\cep2unin.exe
DigiDoc --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45159A27-7EA1-4BC8-A6EE-91E3F47A518E}\setup.exe"
Diskeeper Professional Edition --> MsiExec.exe /X{BDCE8614-49F7-4A51-B83A-544535D2DD09}
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DMXFireDriver --> "C:\DMXXfire1024\sp_uninstall.exe"
DreamStation DXi2 --> C:\WINDOWS\DSDXIRMV.EXE C:\PROGRAM FILES\CAKEWALK\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI2
Easy CD & DVD Creator 6 --> MsiExec.exe /I{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}
ed2k link catch0r --> "C:\Program Files\ed2k link catch0r\Uninstall.exe"
eDonkey2000 --> "C:\Program Files\eDonkey2000\uninstall_eDonkey2000.exe"
Elevayta VST Rak V1.21 --> "C:\Program Files\Elevayta Productivity Tools\Elevayta VST Rak\unins000.exe"
EPSON CardMonitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\SETUP.EXE" -l0x9 uninst
EPSON PhotoQuicker3.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65F5B7AF-3363-11D7-BB6B-00018021113F}\SETUP.EXE" -l0x9 uninst
EPSON PhotoStarter3.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C48817E7-AA05-4151-A99D-1E1E550CE801}\SETUP.EXE" -l0x9 uninst
EPSON Print CD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\SETUP.EXE" -l0x9 -SYSTEM
EPSON PRINT Image Framer Tool2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B59ED4-C360-11D7-875B-0090CC005647}\SETUP.EXE" -l0x9 anything
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
ESPR300 Reference Guide --> C:\Program Files\EPSON\ESPR300\REF_G\DOCUNINS.EXE
ESPR300 Software Guide --> C:\Program Files\EPSON\ESPR300\PQU_G\DOCUNINS.EXE
ESPR300 Standalone Guide --> C:\Program Files\EPSON\ESPR300\STA_G\DOCUNINS.EXE
Fellowes/NEATO MediaFACE --> C:\PROGRA~1\MEDIAF~2\UNWISE.EXE C:\PROGRA~1\MEDIAF~2\INSTALL.LOG
FL Studio 5 --> C:\Program Files\Image-Line\FLStudio5\uninstall.exe
fxpansion!RobotikVocoder --> C:\UNWISE.EXE D:\ACIDLO~1\ROBOTI~1\FXPANS~1\INSTALL.LOG
GSpot Codec Information Appliance --> C:\Program Files\GSpot\Uninstall.exe
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 1.99.1 --> C:\Documents and Settings\kevin\My Documents\hijackthis\HijackThis.exe /uninstall
Hypersonic 1.1.1 --> C:\PROGRA~1\STEINB~1\VSTPLU~1\HYPERS~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\HYPERS~1\INSTALL.LOG
Internet Explorer Q903235 --> C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q903235.inf
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
IsoBuster 1.6 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
IZotope Ozone DX VST RTAS v3.08 --> C:\PROGRA~1\iZotope\OZONE3~1\UNWISE.EXE C:\PROGRA~1\iZotope\OZONE3~1\INSTALL.LOG
iZotope Vinyl --> "C:\Program Files\iZotope\Vinyl\unins000.exe"
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Java 2 Runtime Environment Standard Edition v1.3.1_04 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1_04\Uninst.isu"
LimeWire --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4727EB39-BB6F-4571-A0B6-AB6331D57665}
LimeWire 4.9.30 --> "C:\Program Files\LimeWire\uninstall.exe"
Live 5.0.1 --> C:\PROGRA~1\Ableton\LIVE50~1.1\Install\UNWISE.EXE C:\PROGRA~1\Ableton\LIVE50~1.1\Install\INSTALL.LOG
Live 5.0.2 --> C:\PROGRA~1\Ableton\LIVE50~1.2\Install\UNWISE.EXE C:\PROGRA~1\Ableton\LIVE50~1.2\Install\INSTALL.LOG
Logitech Gaming Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9242864-2841-4ADE-86E0-8F90F91B04DD}\setup.exe" -l0x40c
LogViewer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5090856-6E87-4AE1-B6FE-DD4149CB097A}\Setup.exe" -l0x9
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Making Waves v1.95 --> C:\WINDOWS\UNWISE.EXE C:\audio\makewave\INSTALL.LOG
MediaFood Designer Tools 1.31 --> "C:\Program Files\MediaFood\unins000.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft DirectX Transform optional components --> RUNDLL32.EXE ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\DXTXTRA.INF,UNINSTALL.NT,12
Microsoft Plus! for Windows XP --> MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Mixcraft RealAudio Support --> C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
Mixed In Key --> MsiExec.exe /X{866EE467-669B-4911-9D1C-FB3B4DBD897A}
MixMeister BPM Analyzer 1.0 --> "C:\Program Files\MixMeister BPM Analyzer\unins000.exe"
MixMeister Pro 6 --> MsiExec.exe /I{6FF6CE46-2F27-4A4B-916F-AB1C678C8F5E}
ModPacker 1.0 --> MsiExec.exe /X{CC457DF0-D7AF-4362-A9D5-F87516FD3147}
MP3 Player Utilities --> MsiExec.exe /I{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}
Nero Fast CD-Burning Plug-in --> C:\WINDOWS\UnWMPBurn.exe /UNINSTALL
Nero PhotoShow Express --> "C:\Program Files\Ahead\Nero PhotoShow\data\Xtras\Uninstall.exe"
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\SetupX.exe /uninstall ExtraUninstallID=""
NewsBin Pro 4.3 --> C:\Program Files\nbpro\uninst-nbpro.exe
NewsLeecher --> "C:\Program Files\NewsLeecher\uninstall.exe"
Nimo Codecs Pack v5.0 (Remove Only) --> "C:\Program Files\NimoCodec Pack\uninstall.exe"
NVIDIA Drivers --> C:\WINDOWS\System32\NVUNINST.EXE UninstallGUI
PCI Audio Applications --> C:\Program Files\PCI Audio Applications\Bin\Uninstall.exe
PCI Audio Driver --> cmuninst.exe
Photo Resizer 1.06 (Free version) --> "c:\Program Files\Photo_Resizer\unins000.exe"
PIF DESIGNER2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B59B9F-C360-11D7-875B-0090CC005647}\SETUP.EXE" -l0x9 anything
Plaxo Toolbar for Outlook and Outlook Express --> C:\Program Files\Plaxo\2.11.1.5\uninstall.exe
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Reason --> MsiExec.exe /X{E52BFE61-E0FF-11D6-9D69-00065BABCB42}
ReBirth 2.0 --> MsiExec.exe /X{427B2195-6A44-4B5F-81A1-135C8918038D}
rgcAudio Reverb v1.0 --> "C:\Program Files\rgcAudio\DirectX\Reverb\unins000.exe"
Roomulator VST 2.02 --> C:\WINDOWS\iun6002.exe "C:\Program Files\VstPlugins\Roomulator VST\irunin.ini"
ScanToWeb --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\SETUP.EXE" ADDREMOVEDLG
Shareaza version 2.2.1.0 --> "C:\Program Files\Shareaza\Uninstall\unins000.exe"
SnagIt 8 --> MsiExec.exe /I{0AEA9ECE-2AD0-4DF0-932E-F0AC6B771749}
SONAR Home Studio 4 --> C:\PROGRA~1\Cakewalk\SONARH~1\UNWISE.EXE C:\PROGRA~1\Cakewalk\SONARH~1\INSTALL.LOG
Sonic Foundry XFX vol3 build 72 --> C:\audio\xfx3\UNWISE.EXE C:\audio\xfx3\INSTALL.LOG
Sony ACID Pro 5.0 --> MsiExec.exe /X{76902AF9-DA86-419D-B533-077643124722}
Sony Sound Forge 7.0 --> MsiExec.exe /I{EA1FFC52-3B2A-4FE8-A6CD-1EB914D8B644}
Sony Sound Forge 8.0 --> MsiExec.exe /X{767572FD-4D01-4FA3-B0A6-4B09FB2CFC37}
Sound Laundry Terratec --> C:\WINDOWS\Algoui.exe sle.exe alsetup.exe
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steinberg VoiceMachine v1.0 --> C:\PROGRA~1\VSTPLU~1\STEINB~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\STEINB~1\INSTALL.LOG
Synacast Plug-in 1.1.0.7 --> C:\Program Files\Common Files\Synacast\SynaLive\uninst.exe
Tablet --> C:\Program Files\Tablet\Remove.exe /u
TerraTec RIAA PlugIn --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8636CD81-7696-43CA-84D8-866AAD9131D7}\Setup.exe" -l0x9
The FilmMachine 1.5.0.11 --> "C:\Program Files\The FilmMachine\unins000.exe"
TimeWorks Reverb 4080L v1.101 --> C:\WINDOWS\UNWISE.EXE C:\audio\TIMEWO~1\Reverb\install.log
TMPGEnc Studio --> "C:\Program Files\Pegasys TMPGEnc Studio\unins000.exe"
Ulead Data-Add 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD8E6D29-95EC-494E-8AF5-566E784819A6}\setup.exe" -l0x9
Ulead DVD MovieFactory 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{448AB2CB-C94A-47DE-80B8-9D7824DEFA57}\setup.exe" -l0x9
Ulead Photo Explorer 7.0 SE Platinum --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C6D8763-EEB7-433E-A75E-2AB44892FCA2}\setup.exe" -l0x9
Video Edit Magic 3.36 --> "C:\Program Files\Deskshare\Video Edit Magic 3\unins000.exe"
Virtual Sound Canvas DXi --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E10E7FC-36CD-4C22-AC20-9E15692E8C2F}\setup.exe" UNINSTALL_XXX
Wave Arts MasterVerb --> C:\PROGRA~1\WAVEAR~1\MASTER~1\UNWISE.EXE C:\PROGRA~1\WAVEAR~1\MASTER~1\INSTAL~1.LOG
WaveLab Lite --> "C:\Program Files\Steinberg\WaveLab Lite\Unwise.exe" C:\PROGRA~1\STEINB~1\WAVELA~1\install.log
Waves 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C4D25EB-6513-4702-8355-F4194DE2E1D9}\setup.exe" -l0x9
Waves Gold Processors 3.5 --> C:\PROGRA~1\Waves\WAVES3~1\UNWISE.EXE C:\PROGRA~1\Waves\WAVES3~1\INSTALL.LOG
Waves Masters Bundle 3.5 --> C:\PROGRA~1\Waves\MASTER~1\UNWISE.EXE C:\PROGRA~1\Waves\MASTER~1\INSTALL.LOG
Waves Native Power Pack v2.35 --> C:\audio\waves\NATIVE~1\UNWISE.EXE C:\audio\waves\NATIVE~1\install.log
Waves Renaissance Collection 2 3.5 --> C:\PROGRA~1\Waves\RENCOL~1\UNWISE.EXE C:\PROGRA~1\Waves\RENCOL~1\INSTALL.LOG
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XviD MPEG-4 Video Codec --> "C:\Program Files\XviD\unins000.exe"
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- End of Deckard's System Scanner: finished at 2007-07-11 at 14:09:07 ---------



VIRUS LOG BELOW>>>>

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, July 11, 2007 4:32:51 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 11/07/2007
Kaspersky Anti-Virus database records: 361143
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
H:\
I:\
J:\
K:\
L:\

Scan Statistics:
Total number of scanned objects: 190079
Number of viruses found: 4
Number of infected objects: 5 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:04:58

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files\UPCTP_0001_91M1101NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.i skipped
C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\kevin\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\kevin\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\kevin\Local Settings\History\History.IE5\MSHist012007071120070712\index.dat Object is locked skipped
C:\Documents and Settings\kevin\Local Settings\Temp\Perflib_Perfdata_69c.dat Object is locked skipped
C:\Documents and Settings\kevin\Local Settings\Temporary Internet Files\Content.IE5\ID9YZAPG\gULEjWiXk[1].htm Infected: Exploit.Win32.IMG-ANI.af skipped
C:\Documents and Settings\kevin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\kevin\ntuser.dat Object is locked skipped
C:\Documents and Settings\kevin\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP100\A0022677.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP100\A0022709.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP100\A0022724.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP101\A0022765.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP101\A0022779.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP101\A0022792.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP101\A0023791.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP101\A0023800.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP101\A0023810.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP101\A0023823.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP101\A0023839.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP101\A0023848.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP102\change.log Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP92\A0017067.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP93\A0017087.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP94\A0017165.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP94\A0017178.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP94\A0017193.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP94\A0017203.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP94\A0017217.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP94\A0017232.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP95\A0017248.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP95\A0017266.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP95\A0018266.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP96\A0018303.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP96\A0019303.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP96\A0019307.exe Infected: Trojan-Downloader.Win32.Small.cxs skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP96\A0019332.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP97\A0019377.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP97\A0020376.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP97\A0020387.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP97\A0020399.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP97\A0020417.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP98\A0022460.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP98\A0022518.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP98\A0022538.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP99\A0022564.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP99\A0022599.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP99\A0022621.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP99\A0022631.exe Object is locked skipped
C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP99\A0022655.exe Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UPCTP_0001_91M1101NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.i skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\service\dlg.exe Object is locked skipped
C:\WINDOWS\system32\service\explorer.exe Infected: Trojan-Spy.Win32.Agent.mx skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_1d4.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP102\change.log Object is locked skipped

Scan process completed.
  • 0

#5
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello shannianni.

You have forgotten to post the main.txt from DSS, it should look similar to your original HijackThis log. So if you could
post that in your next reply we can get started.

* I notice that you have no firewall on your PC, this is extremely dangerous and leaves your PC open to vulnerabilities, so please download and install one of the following programs : ZoneAlarm, Comodo, or
Outpost
Make sure you only use one firewall though. A tutorial on understanding and using firewalls may be found here.

So in your next reply please post the main.txt from DSS
  • 0

#6
shannianni

shannianni

    Member

  • Member
  • PipPipPip
  • 922 posts
:whistling: Sorry ,Hopefully this is the first log file,

-- HijackThis (run as kevin.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 05:50:44, on 12/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\kevin\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\kevin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://broadband.blueyonder.co.uk/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.co...laxoInstall.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/d...SISTransfer.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {4169B5A0-9048-11D6-BDFF-00C0F024AF20} (ActiveXTester.TesterControl) - http://www.jasons-to...tiveXTester.ocx
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/s...an/pestscan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121753577718
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1179667836968
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us...nfo/webscan.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup160.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: COSIDS_TB - TransAction Software, D 81737 Munich - C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: gearsec - Unknown owner - C:\WINDOWS\System32\gearsec.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


-- Files created between 2007-06-12 and 2007-07-12 -----------------------------

2007-07-11 14:12:21 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-05 18:30:16 0 --a------ C:\WINDOWS\system32\Ž{Ž{˙˙
2007-07-01 10:18:57 49936 --a------ C:\WINDOWS\system32\compress.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2007-07-01 10:18:46 0 d-------- C:\WINDOWS\system32\service


-- Find3M Report ---------------------------------------------------------------

2007-07-11 11:43:10 0 d-------- C:\Documents and Settings\kevin\Application Data\AVG7
2007-07-09 15:15:49 0 d-------- C:\Program Files\nbpro
2007-07-09 06:35:01 0 d-------- C:\Documents and Settings\kevin\Application Data\Roxio
2007-07-01 10:53:14 0 d-------- C:\Program Files\coolpro2
2007-06-09 10:25:00 0 d-------- C:\Program Files\cosids
2007-05-31 18:38:59 0 d-------- C:\Program Files\MSN Messenger
2007-05-20 15:48:24 0 d-------- C:\Program Files\DivX
2007-05-20 15:47:03 0 d-------- C:\Program Files\MSXML 4.0
2007-05-20 15:45:48 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-05-20 15:23:19 0 d-------- C:\Program Files\Messenger
2007-05-20 15:23:04 0 d-------- C:\Program Files\Movie Maker
2007-05-20 15:20:23 0 d-------- C:\Program Files\Windows NT


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{00C6482D-C502-44C8-8409-FCE54AD9C208} C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"C-Media Mixer"="Mixer.exe /startup"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"USIUDF_Eject_Monitor"="C:\\Program Files\\Common Files\\Ulead Systems\\DVD\\USISrv.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"Pinnacle WebUpdater"="\"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\WebUpdater\\WebUpdater.exe\" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles"
"PMCRemote"="C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\Remote\\Remoterm.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"PMCS"="\"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaCenterService\\PMC.Service.Main.exe\""
"FreeRAM XP"="\"C:\\Program Files\\YourWare Solutions\\FreeRAM XP Pro\\FreeRAM XP Pro.exe\" -win"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"1"="C:\\WINDOWS\\system32\\service\\explorer.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Bluetooth.lnk"
"backup"="C:\\WINDOWS\\pss\\Bluetooth.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Belkin\\BLUETO~1\\BTTray.exe "
"item"="Bluetooth"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^blueyonder Instant Support Tool.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\blueyonder Instant Support Tool.lnk"
"backup"="C:\\WINDOWS\\pss\\blueyonder Instant Support Tool.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\BLUEYO~1\\bin\\matcli.exe -boot"
"item"="blueyonder Instant Support Tool"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TabUserW.exe.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\TabUserW.exe.lnk"
"backup"="C:\\WINDOWS\\pss\\TabUserW.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\system32\\WTablet\\TabUserW.exe "
"item"="TabUserW.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^kevin^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"path"="C:\\Documents and Settings\\kevin\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AnyDVD"
"hkey"="HKLM"
"command"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CloneCDTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DkIcon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Executive Software\\Diskeeper\\DkIcon.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R300 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="E_S4I0F2"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I0F2.EXE /P30 \"EPSON Stylus Photo R300 Series\" /O6 \"USB002\" /M \"Stylus Photo R300\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RxMon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\AudioCentral\\RxMon.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DrgToDsc"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EngUtil"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UsrPrmpt"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-07-12 at 05:50:57 ---------

For the time being ive turned on windows firewall is this ok or should i install one of the ones you have said??
  • 0

#7
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello shannianni, thanks for posting that. You missed a tiny bit of the DSS main.txt, so in the future make sure you post all the text for programs we use.

For the time being ive turned on windows firewall is this ok or should i install one of the ones you have said??

Well the Windows Firewall isn't as good as the programs I recommended, so if it was me I'd switch to one of the three
firewalls I recommended. Make sure you turn off the Windows Firewall first though.

Can you tell me anything about this file ?
C:\WINDOWS\system32\Ž{Ž{˙˙


Go to this site:
http://www.virustota.../en/indexx.html
On top you'll find 'Browse'
Click the browse button and browse to the file:

C:\WINDOWS\system32\Ž{Ž{˙˙

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.


* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

So in your next reply please post the following : the report of that file I asked you to scan, the Dr. Web Cureit log, and tell me how the PC is running and if you still can't get into Safe Mode.
  • 0

#8
shannianni

shannianni

    Member

  • Member
  • PipPipPip
  • 922 posts
:whistling: well here goes,

C:\WINDOWS\system32\Ž{Ž{˙˙ (i have no idea what this file is)

0 bytes size received / Se ha recibido un archivo vacio (this is the text i got when i scanned the file????)



and here is the drweb virus log you requested, (took ages to scan,)

explorer.exe;c:\windows\system32\service;Probably DLOADER.PWS.Trojan;;
UPCTP_0001_91M1101NetInstaller.exe;C:\Deckard\System Scanner\20070712054923\backup\WINDOWS\Downloaded Program Files;Trojan.DownLoader.10963;Deleted.;
index[2].htm\JavaScript.0;C:\Documents and Settings\kevin\Local Settings\Temporary Internet Files\Content.IE5\ID9YZAPG\index[2].htm;VBS.PackFor;;
index[2].htm;C:\Documents and Settings\kevin\Local Settings\Temporary Internet Files\Content.IE5\ID9YZAPG;Archive contains infected objects;Moved.;
026-5616392-3146034[14].htm;C:\Documents and Settings\kevin\Local Settings\Temporary Internet Files\Content.IE5\M19MW0IH;Win32.HLLM.Graz;Deleted.;
026-5343507-4821248[12].htm;C:\Documents and Settings\kevin\Local Settings\Temporary Internet Files\Content.IE5\ORTZIAVH;Win32.HLLM.Graz;Deleted.;
202-9808944-2891017[1].htm;C:\Documents and Settings\kevin\Local Settings\Temporary Internet Files\Content.IE5\OY4N0QLH;Win32.HLLM.Graz;Incurable.Moved.;
202-9808944-2891017[4].htm;C:\Documents and Settings\kevin\Local Settings\Temporary Internet Files\Content.IE5\OY4N0QLH;Win32.HLLM.Graz;Deleted.;
MCCWrapper.dll;C:\Program Files\Common Files\Motive;Probably DLOADER.Trojan;;
A0023923.exe;C:\System Volume Information\_restore{341936DC-D8F5-49DE-A8A1-25768EF52141}\RP103;Trojan.DownLoader.10963;Deleted.;
UPCTP_0001_91M1101NetInstaller.exe;C:\WINDOWS\Downloaded Program Files\CONFLICT.1;Trojan.DownLoader.10963;Deleted.;

One small note is my main antivirus is avg and the main threat that kept showing was Trojan horse Small.AA there are currently 23 variations in the AVG virus vault,? is it ok to delete these files from the vault now?

Also i am now able to boot in safe mode now,

Thanks very much for your time on this, i look forward to your reply.
  • 0

#9
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello shannianni, I've had to split this post into two parts, so make sure you read the rest below.

One small note is my main antivirus is avg and the main threat that kept showing was Trojan horse Small.AA there are currently 23 variations in the AVG virus vault,? is it ok to delete these files from the vault now?

Yes it is ok to delete those if you want to.

Please download OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\Ž{Ž{˙˙

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.

Note : If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")

Click "Exit" to close OTMoveIt.



Run HijackThis, click "Do a system scan only" and check these entries in bold

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)


Close all windows except for HijackThis and click "Fix checked".
  • 0

#10
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here :
http://www.adobe.com.../readstep2.html

You now need to update your Java and remove your older versions.
Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here


Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.


Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all

* SpywareGuard offers realtime protection from spyware installation attempts.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0

#11
shannianni

shannianni

    Member

  • Member
  • PipPipPip
  • 922 posts
:whistling: Thankyou very much Rorschach112 i have followed all your advice, im now using Mozilla as my browser,and have installed all the programs which you suggested,

Thanks for taking time out to help, you are a very talented person, :blink:
system seems to be running fine now............(shouldnt speak to soon :help: )


Regards.
  • 0

#12
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured