Need help on Trojan.Vundo [RESOLVED]

#31
ipeh

    Member

  • Topic Starter
  • 32 posts
Hi greyknight17,

Last night when I was using my computer, an icon showed up in the right side of the taskbar (next to the clock). The icon looks like a Windows update icon. And it said 'Getting Update: 0%' and it stayed at 0% the whole time.
After a while, I wanted to shut my computer down and pressed the START button; the 'RUN', 'LOG OFF' and 'SHUT DOWN' menus were missing. The bottommost menu was 'HELP'.

When I pressed Ctrl+Alt+Del, the Windows Security window opened, but the 'Shut Down' and 'Task Manager' buttons were greyed out. So, what I had to do was log off my account and shut my PC down from the Shut Down button on that login window.
I have a different user account on that PC and if I tried to login using that other account, everything was fine. The Run and Shut Down menus were there, and nothing was greyed out.

I was able to show all the menus again by changing the properties in the Group Policy. I have rebooted my PC, logged in and the menus were still there.

I haven't installed any program since I uninstalled Panda.
So far I've just been using the PC to browse (sites that I can visit only :) ), play Windows Media Player and Winamp. That's it.
Do you have any idea of what might have caused it?

Thx!

ipeh

#32
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
This is a long shot, but give it a try:

Download WinsockFix at http://www.greyknigh.../WinsockFix.zip and unzip it. Then double-click on WinsockFix.exe to run it. Click on the Fix button.

For the other computer you had, I assume it could visit all these sites, right?

I want to see if TrendMicro can find something that we are missing here....

Go to http://www.trendmicr...tro/default.asp and click on that link to run the free scan. Check the box to accept the terms of use. Then click on Launching HouseCall button. If you have Java installed, click on the first button (that says Starting HouseCall). Otherwise, choose the second one to download an ActiveX version. You will get a security warning. Click on Run. Under Quick Select, choose the option that scans the whole computer and click Next. The scan should begin. After it's done scanning, get the log and post it here.

#33
ipeh

    Member

  • Topic Starter
  • 32 posts
Hi greyknight17,

I've already run WinsockFix.

However, I'm a bit confused now.
Did you want me to run the Trend Micro online scan from the infected PC or from my other computer? (and btw, yes, my other computer can visit all the sites)
Because the infected PC cannot open that scan page at all.

Thx.

ipeh

#34
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
OK, I guess we can rule out TrendMicro as one of the sites it can go to as well now :)

Get this on another computer if you have problems going to the below site also:

Download AVG Anti-Spyware at http://www.ewido.net/en/download/ and install it.

Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
On the main screen select the 'Update' icon.
Next select the 'Start Update' button. The update will start and a progress bar will show the updates being installed.
Once the update has completed select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the Settings screen, click on 'Recommended actions' and then select 'Quarantine'.

Under Reports:
Select 'Automatically generate report after every scan'.
Un-Select 'Only if threats were found'.

Click on the Scan tab and choose to run the 'Complete System Scan' . Post the report here when it's done.

#35
ipeh

    Member

  • Topic Starter
  • 32 posts
Hi greyknight17,

Followed all the steps, but after the scan I couldn't find any reports under the "Reports" tab.

It found 28 objects (109 traces).
There were Trojan.Agent.abd and Hijacker.Small that were High risk.
The rest were Tracking.Cookies that were all Medium risk.

Not sure why it wouldn't give me the report. I'm giving you a print screen of the scan page.

Oh btw, this new thing came up. Every time I want to cut/paste/delete/right-click files from Desktop/My Computer, a pop-up window showed. It's from my Nokia PC Suite. The title is Nokia Phone Browser and the message is The operation could not be completed. But after I clicked the OK button, it will continue doing whatever it is supposed to do (cut/delete/etc..)

It's getting stranger by the day, huh... :)

Do you want me to run the scan again?

Thx,

ipeh

Attached Thumbnails

  • scan.jpg
  • error_msg.jpg


#36
ipeh

    Member

  • Topic Starter
  • 32 posts
Hi greyknight17,

I'm attaching a picture of my taskbar. The "Downloading updates" kept showing and it's always at 0%. I've turned the Windows update off from the Services menu at control panel.
But this keeps popping up.

Is it really a windows update?

Thx.

ipeh

Attached Thumbnails

  • download_update.JPG


#37
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Did you remove/delete all the infected files found by AVG?

Go to Start->Run and type in services.msc and hit OK. Verify that Automatic Updates is disabled.

#38
ipeh

    Member

  • Topic Starter
  • 32 posts
Yes, I did delete all the infected files.
I thought after I did, it would show in the report, sadly it didn't.

Btw, in services.msc the Automatic Update's status is Automatic. I couldn't stop it.
It gave me an error msg.

Thx.

ipeh

Attached Thumbnails

  • services_msc.jpg


#39
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Sounds like it could be a legitimate Windows Update then. If you still want it disabled, take a look here and see if it's of any help.

That other problem you have with the Nokia software, you can try uninstalling it. Then restart your computer and install it back if you want that program to see if the problem returns.

Any other issues remaining?

#40
ipeh

    Member

  • Topic Starter
  • 32 posts
Hi..

Sorry, just got back from a seminar out of town.

The only problem remaining is still not being able to visit all those sites.
I don't know why.

I think the rest is okay though.

Thanks!

ipeh

#41
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Download Deckard's System Scanner at http://deckard.geekstogo.com/dss.exe to your Desktop.

- Close all applications and windows.
- Double-click on DSS.exe to run it, and follow the prompts.
- The scan may take a minute. When the scan is complete, two text files will open - Main.txt and Extra.txt

Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow the Deckard's System Scanner to run and don't let your Antivirus delete it. In this case, it may be better to temporarily disable your Antivirus.

Post the main.txt and extra.txt from the C:\Deckard\System Scanner folder into your next reply.

#42
ipeh

    Member

  • Topic Starter
  • 32 posts
Hi greyknight17,

Here's the main.txt:

Deckard's System Scanner v20071014.68
Run by ipeh on 2007-11-21 15:39:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as ipeh.exe) ------------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-21 15:40:19
Platform: Windows 2000 Service Pack 4 (5.00.2195)
MSIE: Internet Explorer (5.00.2920.0000)
Boot mode: Normal

Running processes:
C:\WINNT\system32\SMSS.EXE
C:\WINNT\system32\WINLOGON.EXE
C:\WINNT\system32\SERVICES.EXE
C:\WINNT\system32\LSASS.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\wbem\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\spool\drivers\w32x86\3\E_S4I3C2.EXE
C:\Documents and Settings\ipeh\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://home.microsof...search.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\Program Files\FreshDevices\FreshDownload\fdcatch.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\Program Files\FreshDevices\FreshDownload\fdiebar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [RegistryMechanic] -
O4 - HKLM\..\Run: [PCSuiteTrayApplication] -"C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [nwiz] -"nwiz.exe" /install
O4 - HKLM\..\Run: [NvCplDaemon] -"RUNDLL32.EXE" C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(4).lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV04.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FreshDownload - {DE8A5E4B-EABA-48C8-8B88-C96DC7D70061} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
O10 - Unknown file in Winsock LSP: C:\WINNT\system32\NWPROVAU.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupd...8533.0341782407
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{26357473-AAE8-432F-AE0D-F6E6C086A79F}: NameServer = 202.155.0.10,202.155.0.15
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Unknown owner - -"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - -C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\system32\dmadmin.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINNT\system32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - -"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: iPod Service - Unknown owner - -"C:\Program Files\iPod\bin\iPodService.exe"
O23 - Service: Macromedia Licensing Service - Unknown owner - -"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINNT\system32\oodag.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - -C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service: ScsiAccess - Unknown owner - E:\ProShowGold\scsiaccess.exe
O23 - Service: ServiceLayer - Unknown owner - -"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"


--
End of file - 7840 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\ipeh\MYDOCU~1\FIXING~1\backups\) ------

backup-20070606-100817-411 O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
backup-20070606-100817-328 O20 - Winlogon Notify: winndy32 - winndy32.dll (file missing)
backup-20071030-154244-405 O2 - BHO: (no name) - {1016DEFF-FC99-4D9C-AA58-7D4DC3702E4A} - C:\WINNT\system32\awvvs.dll (file missing)
backup-20071030-154250-205 O2 - BHO: (no name) - {60865A4E-CDBB-44A1-A79B-5CBE90318C01} - C:\WINNT\system32\mllml.dll (file missing)
backup-20071030-154256-634 O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
backup-20071030-154305-761 O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINNT\system32\ssqomli.dll (file missing)
backup-20071030-154311-654 O20 - Winlogon Notify: awvvs - C:\WINNT\system32\awvvs.dll (file missing)
backup-20071030-154402-584 O20 - Winlogon Notify: mllml - C:\WINNT\system32\mllml.dll (file missing)
backup-20071030-154453-256 O20 - Winlogon Notify: ssqomli - C:\WINNT\
backup-20071102-072250-907 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
backup-20071102-072250-453 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
backup-20071102-072250-233 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
backup-20071102-072250-628 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
backup-20071102-072250-443 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
backup-20071102-072250-265 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
backup-20071102-072250-532 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Vax347b - c:\winnt\system32\drivers\vax347b.sys
R0 Vax347s - c:\winnt\system32\drivers\vax347s.sys
R1 SCDEmu - c:\winnt\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 aslm75 - c:\winnt\system32\drivers\aslm75.sys
R2 BTSERIAL (Bluetooth Serial Driver) - c:\winnt\system32\drivers\btserial.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.700>
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\winnt\system32\drivers\btslbcsp.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.700>
R3 Pcouffin (VSO Software pcouffin) - c:\winnt\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 pfc (Padus ASPI Shell) - c:\winnt\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S1 cdawdm - c:\winnt\system32\drivers\cdawdm.sys (file missing)
S1 eeCtrl (Symantec Eraser Control driver) - -\??\c:\program files\common files\symantec shared\eengine\eectrl.sys (file missing)
S3 btwmodem (Bluetooth Modem) - c:\winnt\system32\drivers\btwmodem.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.700>
S3 catchme - c:\docume~1\ipeh\locals~1\temp\catchme.sys (file missing)
S3 FreshIO - -\??\c:\program files\freshdevices\freshdiagnose\freshio.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 Adobe LM Service - -"c:\program files\common files\adobe systems shared\service\adobelmsvc.exe" (file missing)
S3 HDDSvc (HDD Information Service) - c:\winnt\system32\hddsvc.exe <Not Verified; AltrixSoft (http://www.altrixsoft.com/); HDDSvc Module>
S3 IDriverT (InstallDriver Table Manager) - -"c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe" (file missing)
S3 iPod Service - -"c:\program files\ipod\bin\ipodservice.exe" (file missing)
S3 Macromedia Licensing Service - -"c:\program files\common files\macromedia shared\service\macromedia licensing.exe" (file missing)
S3 O&O Defrag - c:\winnt\system32\oodag.exe <Not Verified; O&O Software GmbH; O&O Defrag>
S3 ose (Office Source Engine) - -c:\program files\common files\microsoft shared\source engine\ose.exe (file missing)
S3 ServiceLayer - -"c:\program files\pc connectivity solution\servicelayer.exe" (file missing)
S4 btwdins (Bluetooth Service) - -c:\program files\billionton\bluetooth software\bin\btwdins.exe (file missing)
S4 Ccang39 -
S4 ScsiAccess - e:\proshowgold\scsiaccess.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\PNP0400\1
Manufacturer: (Standard port types)
Name:
PNP Device ID: ACPI\PNP0400\1
Service:


-- Files created between 2007-10-21 and 2007-11-21 -----------------------------

2007-11-20 15:27:34 0 d-------- C:\Documents and Settings\galee\Application Data\AVG7
2007-11-20 15:27:29 0 d-------- C:\Documents and Settings\galee\Application Data\Grisoft
2007-11-12 08:59:01 0 d-------- C:\Documents and Settings\ipeh\Application Data\Grisoft
2007-11-08 21:24:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-05 15:54:29 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_4e8.dat
2007-11-05 09:06:11 0 d-------- C:\Documents and Settings\ipeh\Application Data\Opera
2007-11-05 09:05:43 0 d-------- C:\Program Files\Opera
2007-11-04 22:59:12 0 d-------- C:\WINNT\system32\SoftwareDistribution
2007-11-04 22:54:20 0 d-------- C:\WINNT\SoftwareDistribution
2007-11-04 10:23:13 0 d-------- C:\Program Files\SpywareGuard
2007-11-04 10:07:26 0 d-------- C:\Program Files\SpywareBlaster
2007-11-04 07:56:25 0 d-------- C:\WINNT\ERUNT
2007-11-02 09:55:03 0 d---s---- C:\Documents and Settings\ipeh\UserData
2007-11-02 09:33:49 0 dr-h----- C:\$VAULT$.AVG
2007-11-01 06:50:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-10-31 22:09:05 0 d-------- C:\Documents and Settings\ipeh\Application Data\AVG7
2007-10-31 22:08:21 0 d-------- C:\Documents and Settings\Default User\Application Data\AVG7
2007-10-31 22:07:26 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-10-31 19:31:14 1011968 ---h----- C:\WINNT\ShellIconCache
2007-10-31 10:48:54 0 d-------- C:\kav
2007-10-31 10:25:30 202240 --ah----- C:\setup95.exe <Not Verified; DreamWorks Interactive; The Neverhood>
2007-10-31 07:09:59 0 d-------- C:\VundoFix Backups
2007-10-30 16:42:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-10-30 05:41:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab


-- Find3M Report ---------------------------------------------------------------

2007-10-09 16:21:04 0 d-------- C:\Documents and Settings\ipeh\Application Data\eMusic
2007-10-09 16:20:52 0 d-------- C:\Program Files\eMusic Remote
2007-09-25 20:25:08 0 d-------- C:\Program Files\Absolute Video to Audio Converter


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 12:05p C:\WINNT\system32\mobsync.exe]
"RegistryMechanic"="-" []
"PCSuiteTrayApplication"="-C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" []
"nwiz"="-nwiz.exe" []
"NvCplDaemon"="-RUNDLL32.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [11/08/07 09:24p]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/07 04:25p]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/07 07:51p]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\ipeh\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 7:05:35 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check(4).lnk - C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV04.EXE [2/3/2000 1:11:00 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"




-- End of Deckard's System Scanner: finished at 2007-11-21 15:41:17 ------------
  • 0
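
Added example (not part of the original thread and not code from Deckard's System Scanner or HijackThis): a small Python triage pass over HijackThis-format lines like those in the main.txt above. It flags entries that deserve a second look and pairs modules registered under both O2 (BHO) and O20 (Winlogon Notify), the pattern visible in the Fixed Entries list; the function names and reason labels are this example's own.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the main.txt posted above (a short excerpt, not the whole log).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [RegistryMechanic] -
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O10 - Unknown file in Winsock LSP: C:\WINNT\system32\NWPROVAU.DLL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
backup-20071030-154244-405 O2 - BHO: (no name) - {1016DEFF-FC99-4D9C-AA58-7D4DC3702E4A} - C:\WINNT\system32\awvvs.dll (file missing)
backup-20071030-154250-205 O2 - BHO: (no name) - {60865A4E-CDBB-44A1-A79B-5CBE90318C01} - C:\WINNT\system32\mllml.dll (file missing)
backup-20071030-154305-761 O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINNT\system32\ssqomli.dll (file missing)
backup-20071030-154311-654 O20 - Winlogon Notify: awvvs - C:\WINNT\system32\awvvs.dll (file missing)
backup-20071030-154402-584 O20 - Winlogon Notify: mllml - C:\WINNT\system32\mllml.dll (file missing)
backup-20071030-154453-256 O20 - Winlogon Notify: ssqomli - C:\WINNT\
"""

# Optional "backup-<date>-<time>-<n>" prefix (Fixed Entries section), then "<code> - <body>".
LINE_RE = re.compile(
    r"^(?:backup-(?P<backup>\d{8}-\d{6}-\d+)\s+)?"
    r"(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.*)$"
)
MISSING_RE = re.compile(r"\((?:file missing|no file)\)$")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:dll|exe|ocx|sys)\b", re.IGNORECASE)
NOTIFY_RE = re.compile(r"^Winlogon Notify:\s*(\S+)")


def parse_line(line):
    """Return {'backup', 'code', 'body'} for a HijackThis-style entry, else None."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def module_stem(entry):
    """File name without extension (lower case); falls back to the Notify
    key name when the path in the log is cut off, as in the last sample line."""
    path = PATH_RE.search(entry["body"])
    if path:
        return ntpath.splitext(ntpath.basename(path.group(0)))[0].lower()
    name = NOTIFY_RE.match(entry["body"])
    return name.group(1).lower() if name else None


def triage(log_text):
    """Return (findings, paired): entries worth reviewing, and module names
    that appear under both O2 and O20."""
    findings, by_stem = [], defaultdict(set)
    for entry in filter(None, map(parse_line, log_text.splitlines())):
        code, body = entry["code"], entry["body"]
        reasons = []
        if MISSING_RE.search(body):
            reasons.append("file-missing")          # registry points at nothing on disk
        if code == "O4" and body.endswith("] -"):
            reasons.append("empty-run-command")     # Run value with no command line
        if code == "O10":
            reasons.append("unknown-winsock-lsp")   # HijackThis did not recognise the LSP
        if code == "O20":
            reasons.append("winlogon-notify")       # DLL loaded by winlogon.exe at logon
        if code in ("O2", "O20"):
            stem = module_stem(entry)
            if stem:
                by_stem[stem].add(code)
        if reasons:
            findings.append({**entry, "reasons": reasons})
    paired = sorted(s for s, codes in by_stem.items() if codes == {"O2", "O20"})
    return findings, paired


if __name__ == "__main__":
    findings, paired = triage(SAMPLE_LOG)
    for f in findings:
        print(f"{f['code']:<4}{','.join(f['reasons']):<32}{f['body']}")
    print("Registered as both BHO and Winlogon Notify:", ", ".join(paired))
```

A flag here means "review this entry", not "this is malware": NWPROVAU.DLL, for instance, is reported only because HijackThis listed it as an unknown LSP file.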

#43
ipeh

    Member

  • Topic Starter
  • 32 posts
And the extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows 2000 Professional (build 2195) SP 4.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 1.50GHz
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 510.73 MiB / 284.85 MiB
Pagefile Memory (total/avail): 1245.38 MiB / 1005.87 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1947.73 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 18.63 GiB total, 3.28 GiB free.
D: is CDROM (UDF)
E: is Fixed (NTFS) - 39.06 GiB total, 0.92 GiB free.
F: is CDROM (No Media)
G: is Fixed (NTFS) - 37.27 GiB total, 0.23 GiB free.
H: is CDROM (CDFS)
I: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - Maxtor 6Y080L0 - 76.33 GiB - 1 partition
\PARTITION0 - Logical Disk Manager - 76.33 GiB - E: - G:

\\.\PHYSICALDRIVE0 - ST320014A - 18.65 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 18.64 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\ipeh\Application Data
CLASSPATH=.;C:\Program Files\JavaSoft\JRE\1.3.1\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PATMON
ComSpec=C:\WINNT\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\ipeh
LOGONSERVER=\\PATMON
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Os2LibPath=C:\WINNT\system32\os2\dll;
Path=C:\WINNT\SYSTEM32;C:\WINNT;C:\WINNT\SYSTEM32\WBEM;C:\PROGRAM FILES\PC CONNECTIVITY SOLUTION\;C:\PROGRAM FILES\QUICKTIME\QTSYSTEM\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\JavaSoft\JRE\1.3.1\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\ipeh\LOCALS~1\Temp
TMP=C:\DOCUME~1\ipeh\LOCALS~1\Temp
USERDOMAIN=PATMON
USERNAME=ipeh
USERPROFILE=C:\Documents and Settings\ipeh
windir=C:\WINNT


-- User Profiles ---------------------------------------------------------------

galee (admin)
ipeh (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINNT\$NtServicePackUninstall$\spuninst\spuninst.exe
--> C:\WINNT\IsUninst.exe -fC:\Sierra\Contraptions\Uninst.isu
--> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
µTorrent --> "C:\Program Files\uTorrent\uninstall.exe"
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
ABC Amber LIT Converter --> C:\PROGRA~1\ABCAMB~1\UNWISE.EXE C:\PROGRA~1\ABCAMB~1\INSTALL.LOG
Absolute MP3 Splitter version 2.2.12 --> "C:\Program Files\Absolute MP3 Splitter\unins000.exe"
ACDSee Pro --> MsiExec.exe /I{F99F74B4-972B-4B06-B893-6B3B0DB0128B}
Ad-Aware SE Professional --> C:\PROGRA~1\LAVASOFT\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~2\INSTALL.LOG
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AiS Conception & Contraception Calendar 3.2.1 --> C:\WINNT\UnGins.exe "C:\Program Files\AtomInterSoft\AiSCCC\install.log"
Alive Video Joiner (version 1.1.0.9) --> "E:\Video Joiner\unins000.exe"
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
ASUS Probe V2.22.00 --> C:\WINNT\uninst.exe -f"C:\Program Files\ASUS\Probe\DeIsL1.isu"
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AVI Splitter --> "E:\avisplit\unins000.exe"
AVI/MPEG/RM/WMV Joiner 4.11 --> "E:\AVI MPEG RM WMV Joiner\unins000.exe"
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
AVS VideoConverter 3.1.1.151 --> "C:\Program Files\AVSMedia\VideoConverter3\unins000.exe"
Axialis Professional Screen Saver Producer 3.6 --> E:\Screen Saver Producer\UnInstall.exe "Professional Screen Saver Producer" "AxScrProd.exe"
Billionton Bluetooth Software --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
BitComet 0.70 --> C:\Program Files\BitComet\uninst.exe
CD_DRV_94 --> "C:\WINNT\unins000.exe"
CDisplay 1.8 --> "C:\Program Files\CDisplay\unins000.exe"
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
ConvertXtoDVD 2.0.17 --> "E:\ConvertXtoDVD\unins000.exe"
Crosstrainer --> MsiExec.exe /I{E764B702-5DEC-4909-942F-8A597A74865E}
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07 --> "E:\avi-dvd-pro\unins000.exe"
DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DLDIrc --> "C:\Program Files\DLDIrc\uninstall.exe"
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD to 3GP Converter 4 --> E:\Xilisoft\DVD to 3GP Converter 4\Uninstall.exe
Easy CD-DA Extractor 9.0.1 --> "C:\WINNT\Easy CD-DA Extractor\uninstall.exe" "/U:C:\Program Files\Easy CD-DA Extractor 9\irunin.xml"
Easy PDF to Text Converter v2.0 --> "C:\Program Files\Easy PDF to Text Converter\unins000.exe"
Easy Thumbnails (Remove only) --> "C:\Program Files\Easy Thumbnails\unins000.exe"
EPSON Printer Software --> C:\WINNT\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
ESC63 Reference Guide --> C:\Program Files\EPSON\ESC63\REF_G\DOCUNINS.EXE
FileSpecs plug-in for Ad-Aware SE --> C:\PROGRA~1\LAVASOFT\AD-AWA~2\PLUGINS\FILESP~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~2\PLUGINS\FILESP~1\INSTALL.LOG
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.2.0623 --> "C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter\unins000.exe"
FreshDiagnose --> "C:\Program Files\FreshDevices\FreshDiagnose\unins000.exe"
FreshDownload --> "C:\Program Files\FreshDevices\FreshDownload\unins000.exe"
FreshView --> "C:\Program Files\FreshDevices\FreshView\unins000.exe"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
Hard Drive Inspector 1.5 build # 908 --> E:\Hard Drive Inspector\Uninst.exe
HexDump plug-in for Ad-Aware SE --> C:\PROGRA~1\LAVASOFT\AD-AWA~2\PLUGINS\hexdump\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~2\PLUGINS\hexdump\INSTALL.LOG
HijackThis 1.99.1 --> E:\Backup PC Sunter\galee\Desktop\HijackThis.exe /uninstall
Hoyle Casino 2004 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{224C47F4-CB95-406C-8AD6-81002FEED0CF}
Hoyle Table Games 2004 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F28E8590-9CC2-4535-9AA6-1102C2E3D68F}
InFlac 1.1.1 --> "C:\Program Files\Winamp\InFlac-Uninstall.exe"
iPod for Windows 2006-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
Java 2 Runtime Environment Standard Edition v1.3.1_01 --> C:\WINNT\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1\Uninst.isu"
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
KeyNote 1.6.5 --> "C:\Program Files\KeyNote\unins000.exe"
LSP Explorer plug-in for Ad-Aware SE --> C:\PROGRA~1\LAVASOFT\AD-AWA~2\PLUGINS\LSPEXP~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~2\PLUGINS\INSTALL.LOG
Macromedia Director MX 2004 --> E:\MACROM~1\DIRECT~1\UNWISE.EXE E:\MACROM~1\DIRECT~1\install.log
Macromedia Dreamweaver MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Flash MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Macromedia FreeHand 10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D826618-59C6-11D4-976E-00C04F8EEB39}\Setup.exe" UNINSTALL
Macromedia Shockwave Player --> C:\WINNT\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINNT\system32\MACROMED\SHOCKW~1\INSTALL.LOG
Magic ISO Maker v5.0 (build 0166) --> C:\PROGRA~1\MAGICISO\UNWISE.EXE C:\PROGRA~1\MAGICISO\INSTALL.LOG
Messenger-Control plug-in for Ad-Aware SE --> C:\PROGRA~1\LAVASOFT\AD-AWA~2\PLUGINS\MESSEN~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~2\PLUGINS\INSTALL.LOG
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Data Access Components KB870669 --> C:\WINNT\muninst.exe C:\WINNT\INF\KB870669.inf
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft VGX Q833989 --> C:\WINNT\vgxuninst.exe C:\WINNT\INF\Q833989.inf
Midway Arcade Treasures --> "E:\GAMEZ\Midway Arcade\Uninstall.exe"
Mozilla Firefox (2.0.0.9) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NJStar Chinese Pen --> C:\PROGRA~1\NJSTAR~2\UNWISE.EXE C:\PROGRA~1\NJSTAR~2\INSTALL.DLL
NJStar Chinese Word Processor --> "C:\Program Files\NJStar Chinese WP\Remove.exe" /U:"C:\Program Files\NJStar Chinese WP\Remove.log"
Nokia Connectivity Cable Driver --> MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_eng_us_web.exe
Nokia PC Suite --> MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}
Nokia Software Updater --> MsiExec.exe /X{3186AEAE-E104-424D-9152-1BF6A4404758}
NoteTab Light (Remove only) --> "C:\Program Files\NoteTab Light\unins000.exe"
NVIDIA Drivers --> C:\WINNT\system32\nvudisp.exe UninstallGUI
O&O Defrag Professional Edition --> MsiExec.exe /I{53480370-6CA2-47EC-BC05-02B4B9271C31}
OE/W Messengerctrl plug-in for Ad-Aware SE --> C:\PROGRA~1\LAVASOFT\AD-AWA~2\PLUGINS\OEMESS~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~2\PLUGINS\INSTALL.LOG
Opera 9.24 --> MsiExec.exe /X{16913489-B5E3-403E-AFD3-2B19BBE464D4}
Ovulation Calendar --> C:\WINNT\UnGins.exe "C:\Program Files\Ovulation Calendar\install.log"
Ovusoft Fertility Software --> C:\PROGRA~1\OVUSOFT\UNWISE.EXE C:\PROGRA~1\OVUSOFT\INSTALL.LOG
Oxygen Phone Manager for Symbian OS phones --> E:\Oxygen\SYMBIA~1\UNWISE.EXE E:\Oxygen\SYMBIA~1\INSTALL.LOG
PC Connectivity Solution --> MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
PCI Audio Driver --> cmuninst.exe
Photo Loader 2.3E --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70B45586-B51E-4947-A258-A895596C5CED}\Setup.exe" -uninst
Photodex Presenter --> C:\Program Files\Photodex Presenter\uninst.exe
PhotoDVD 2.3.7.5 --> "C:\Program Files\vso\PhotoDVD\unins000.exe"
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
PrimoPDF --> "C:\WINNT\PrimoPDF\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstall.xml"
ProShow Gold --> e:\ProShowGold\proshow.exe . -u
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
Registry Mechanic 5.1 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Replay Converter 2.30 --> C:\WINNT\iun6002.exe "C:\Program Files\Replay Converter\irunin.ini"
SHARM 1.4.3 --> "C:\Program Files\SHARM 1.4\unins000.exe"
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
Starry Night Pro 5 --> "E:\Starry Night Pro 5\Uninstall Starry Night Pro 5\Uninstall Starry Night Pro 5.exe"
Super DVD Creator 8.0 --> "C:\Program Files\Super DVD Creator 8.0\unins000.exe"
Taking Charge of Your Fertility Software --> E:\TCOYF\UNWISE.EXE E:\TCOYF\INSTALL.LOG
The Sudoku Challenge --> E:\GAMEZ\Sudoku\uninst.exe
ThumbsPlus version 7.0 --> C:\PROGRA~1\THUMBS7\UNWISE.EXE C:\PROGRA~1\THUMBS7\INSTALL.LOG
Trillian Pro 3.1 Build 121 --> "C:\Program Files\Trillian Pro\unins000.exe"
Tweak-SE plug-in for Ad-Aware SE --> C:\PROGRA~1\LAVASOFT\AD-AWA~2\PLUGINS\tweakse\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~2\PLUGINS\tweakse\INSTALL.LOG
Typer Shark Deluxe 1.02 --> E:\GAMEZ\Typer Shark Deluxe\PopUninstall.exe "E:\GAMEZ\Typer Shark Deluxe\Install.log"
Uninstall Super Guitar Chord Finder --> C:\WINNT\iun3405.exe C:\sgcfinder5t
USB CASIO Digital Camera Device Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0FE6C844-4243-4F5B-BC5B-E8B4C3450946}\Setup.exe" -uninst
VIA Integrated Setup Wizard --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VideoLAN VLC media player 0.8.4a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual Villagers (remove only) --> E:\GAMEZ\Virtual Villagers\Uninstall.exe
VX2 Cleaner plug-in for Ad-Aware SE --> C:\PROGRA~1\LAVASOFT\AD-AWA~2\PLUGINS\VX2CLE~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~2\PLUGINS\INSTALL.LOG
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINNT\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINNT\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
Windows Media Player system update (9 Series) --> C:\PROGRA~1\WINDOW~2\setup_wm.exe /Uninstall
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\PROGRA~1\WINZIP\winzip32.exe" /uninstall
XAMPP 1.4.12 --> "c:\apachefriends\xampp\uninstall.exe"
Yahoo! Internet Mail --> C:\WINNT\system32\regsvr32 /u /s C:\PROGRA~1\YAHOO!\COMMON\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG
YouTube Downloader 2.41 --> "C:\Program Files\FDRLab\YouTube Downloader\unins000.exe"
Zoom Player (remove only) --> "C:\Program Files\Zoom Player\uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type1537 / Warning
Event Submitted/Written: 11/21/2007 03:19:10 PM
Event ID/Source: 4100 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber {6295DF2D-35EE-11D1-8707-00C04FD93327}. CoCreateInstanceEx returned HRESULT 8000401A.

Event Record #/Type1531 / Error
Event Submitted/Written: 11/20/2007 06:26:23 PM
Event ID/Source: 1015 / Perflib
Event Description:
The timeout waiting for the performance data collection function "PerfProc"
in the "C:\WINNT\system32\perfproc.dll" Library to finish has expired. There may be a problem with
this extensible counter or the service it is collecting data from or the
system may have been very busy when this call was attempted.

Event Record #/Type1530 / Warning
Event Submitted/Written: 11/20/2007 03:13:02 PM
Event ID/Source: 4100 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber {6295DF2D-35EE-11D1-8707-00C04FD93327}. CoCreateInstanceEx returned HRESULT 8000401A.

Event Record #/Type1529 / Warning
Event Submitted/Written: 11/20/2007 03:01:02 PM
Event ID/Source: 4100 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber {6295DF2D-35EE-11D1-8707-00C04FD93327}. CoCreateInstanceEx returned HRESULT 8000401A.

Event Record #/Type1528 / Warning
Event Submitted/Written: 11/20/2007 02:49:02 PM
Event ID/Source: 4100 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber {6295DF2D-35EE-11D1-8707-00C04FD93327}. CoCreateInstanceEx returned HRESULT 8000401A.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type11668 / Warning
Event Submitted/Written: 11/21/2007 03:23:22 PM
Event ID/Source: 2013 / Srv
Event Description:
The G: disk is at or near capacity. You may need to delete some files.

Event Record #/Type11667 / Warning
Event Submitted/Written: 11/21/2007 03:23:22 PM
Event ID/Source: 2013 / Srv
Event Description:
The E: disk is at or near capacity. You may need to delete some files.

Event Record #/Type11666 / Error
Event Submitted/Written: 11/21/2007 03:21:42 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%ServiceLayer" attempting to start the service ServiceLayer with arguments ""
in order to run the server:
{ACF50018-41F8-476D-85FD-CD953DAE4A49}

Event Record #/Type11665 / Error
Event Submitted/Written: 11/21/2007 03:21:42 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The ServiceLayer service failed to start due to the following error:
%%2

Event Record #/Type11664 / Error
Event Submitted/Written: 11/21/2007 03:21:34 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%ServiceLayer" attempting to start the service ServiceLayer with arguments ""
in order to run the server:
{ACF50018-41F8-476D-85FD-CD953DAE4A49}



-- End of Deckard's System Scanner: finished at 2007-11-21 15:41:17 ------------


Thanks!

ipeh
  • 0

#44
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Is there anything special about these sites that you are trying to access? Just want to know if it's happening to just a few certain sites that have something in common.

Run ATF Cleaner again and then the Hoster program to restore the hosts file. Check your firewall to make sure it's allowing the browser to go online (most likely not the problem here, but worth a try to check it out).
  • 0

#45
ipeh

ipeh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Hi greyknight17,

Ran ATF & Hoster, but still can't visit those sites.

At first I thought I could only visit all the local (Indonesian hosted) sites, but then again I could visit yahoo, google, gmail, CNN, facebook, friendster, symantec, bodybuilding.com, briefing.com, fool.com, wikipedia, ebay, amazon and many others.

For some sites, I just couldn't open the page at all. Such as: ixwebhosting.com, master.web.id, netsol.com, techscape.com, singaporeair.com, biz.yahoo.com, cboe.com, dell.com, toysrus.com, and many more. Simply put, when I google something, I won't be able to open most of the results.

For youtube, I can open the page, but I cannot play any video. It will just stay at 0% and the browser says that the page is done. And for typepad.com, the page would load, but no pictures will show.

Sometimes I can open this g2g page, but sometimes I can't.

And this problem occurs no matter whether I'm using Firefox, IE or Opera.
So, I'm not sure, I cannot seem to find the common denominator for this problem :)

:)

Anyway, thanks man!

ipeh
  • 0





