
Hijackthis log [RESOLVED]



#1
TheCotton
New Member, 7 posts
I hope I am posting in the right area!

I have been having a problem for about 2 weeks now!

It started when my pc and internet started running a little slow, nothing horrible, but I was well overdue for some basic cleaning!!!
I did an AD-Aware scan and some Malware issues came up and I followed the directions to delete/quarantine. Then I did a full Avast system scan didn't really come up with much but once again followed directions to delete/quarantine.
From there I did a windows disk cleanup and finished off with a defrag!

Everything was fine until I rebooted a few times and started getting MSDetect error messages at every startup the message gave me the option to send report to windows or not, after that closed down I was also getting an "invalid floating point error".

Anyway long story short found software on-line to solve my MSdetect issue (MSdetect has something to do with McAfee which I don't even use)
With that error message gone another one started popping up on startup and then went away mysteriously?!?!
Over the next few days Avast was randomly popping up Trojan virus alerts, the fun part about it was when I went to delete/quarantine using avast another message popped up saying the file could not be deleted b/c it was being used by another application!

On top of all that fun my internet was barely working took about a minute just to load google home page on IE and Firefox!

Finally I gave up, went and got an external hard drive, backed up important pictures and music. Then I did a full system recovery.
Once that was done and windows was reloaded. I began reloading important stuff software for Linksys router etc.....

All said and done everything is fine as far as the pc. However my internet is still painfully slow. I know my actual internet is good b/c I have my laptop and another desktop wirelessly connected to it, and internet works great on them! Like I said earlier IE and Firefox barely work.
The guy I work with was saying it sounded like I may have some kind of worm or trojan in my BIOS is that possible???

Here are the results from that Must read before posting thread!

SUPERAntiSpyware Scan Log
Generated 11/07/2007 at 04:39 PM

Application Version : 3.6.1000

Core Rules Database Version : 3339
Trace Rules Database Version: 1340

Scan type : Complete Scan
Total Scan Time : 00:19:52

Memory items scanned : 384
Memory threats detected : 0
Registry items scanned : 5143
Registry threats detected : 0
File items scanned : 28326
File threats detected : 4

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt
C:\Documents and Settings\Owner\Cookies\owner@html[1].txt
C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt




Active Scan

Incident Status Location

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt



Hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:43:37 PM, on 11/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...h...TP&M=GT4016
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...TP&M=GT4016
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5987 bytes



I hope I didn't ramble too much I just want to give everyone a detailed idea of what has happened to help in the diagnosis!
I hope someone can help I have really tried everything I can think of and it is so frustrating to have internet that does not work!!!

Thank you in advance for all your hard work : )

Cotton
  • 0



#2
TheCotton
New Member, Topic Starter, 7 posts
Does no reply mean I am screwed???
  • 0

#3
andrewuk
Trusted Helper, Malware Removal, 5,297 posts
Hello TheCotton and welcome to geekstogo :) my name is andrewuk and i will be helping you with your problems!

I am going over your log now, and I'll be back soon with instructions on how to proceed.

In the meantime, I'd be grateful if you would note the following:

1. Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.

2. It's often worth reading through these instructions and printing them for ease of reference.

3. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.

4. Please reply to this thread. Do not start a new topic.
  • 0

#4
TheCotton
New Member, Topic Starter, 7 posts
Thanks :)
  • 0

#5
andrewuk
Trusted Helper, Malware Removal, 5,297 posts

Hi TheCotton

i am having to wrap my reply in quotes, because otherwise i don't seem to be able to post it .......

> Does no reply mean I am screwed???

no, but bumping your post does run the risk that we will miss your post - we search for posts with no replies to start work on. for future information, there is a place on the forums called "the waiting room" where you can post if your log has not been answered in 3 days. but, here we go....... :)

your log has some general malware, but nothing too serious. so in this post, we will clear your temporary files, fix the log and do an online scan, we will also do a deeper scan of your computer.


FIRSTLY, LET'S CLEAR YOUR TEMPORARY FOLDERS

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.



SECONDLY, LET'S FIX THE GENERAL MALWARE

I see you have Viewpoint Manager installed on your PC. Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". This may change, read Viewpoint to Plunge Into Adware

I recommend that you remove the Viewpoint products; however, decide for yourself - the fix below will clearly indicate where i am removing Viewpoint Manager, if you wish to keep Viewpoint Manager on your machine then ignore those parts of the fix.


Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
<==check this entry to remove Viewpoint Manager

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Viewpoint
Viewpoint Manager
Viewpoint Media Player


Please note any other programs that you don't recognize in that list in your next response

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\Viewpoint <==delete this folder to remove Viewpoint Manager

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

C:\ALCMTR.EXE

After that, Reboot



THIRDLY, THE ONLINE SCAN

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

FOURTHLY, THE DEEPER SCAN


Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

so, in your next reply could i see:
1. the Kaspersky report
2. the Deckard System Scan Logs
3. and an update on how your computer is running

....the chances are that all those logs will be too long for one post (the post will be unable to show all the text you copy in), therefore, you may have to post the replies over a number of posts.......just make sure everything you post comes up in the thread when you submit the reply.

andrewuk


Edited by andrewuk, 13 November 2007 - 05:19 PM.

  • 0
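
One way to check that a HijackThis fix like the one requested above took effect, as an added example that is not part of the original thread: it parses the entry lines of a before and an after log, confirms each entry on the fix list is gone, and lists anything new. The sample logs are short excerpts of the two logs posted in this thread; the function names are this example's own.

```python
import re

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] command".
# Section codes: R0-R3, F0-F3, N1-N4 and O1 upward.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Helper annotations pasted beside an entry, e.g. "<==check this entry ...".
NOTE_RE = re.compile(r"\s*<==.*$")


def normalize(line):
    """Drop helper annotations and collapse whitespace so entries compare equal."""
    return " ".join(NOTE_RE.sub("", line).split())


def parse_entries(log_text):
    """Return the set of normalized R/F/N/O entry lines found in a log."""
    entries = set()
    for raw in log_text.splitlines():
        line = normalize(raw)
        if ENTRY_RE.match(line):
            entries.add(line)
    return entries


def verify_fix(before_log, after_log, fix_list):
    """Map every entry on the fix list to its status in the follow-up log."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    report = {}
    for target in sorted(parse_entries(fix_list)):
        if target in after:
            report[target] = "STILL PRESENT"
        elif target in before:
            report[target] = "removed"
        else:
            report[target] = "not in first log"
    return report


def new_entries(before_log, after_log):
    """Entries that appear only in the follow-up log and need a second look."""
    return sorted(parse_entries(after_log) - parse_entries(before_log))


# Excerpt of the first log in this thread (11/8/2007), shortened for the example.
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

# Excerpt of the follow-up log (11/14/2007), shortened the same way.
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
"""

# The fix list as posted, including the helper's annotation line.
FIX_LIST = r"""
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
<==check this entry to remove Viewpoint Manager
"""

if __name__ == "__main__":
    for entry, status in verify_fix(BEFORE, AFTER, FIX_LIST).items():
        print(f"{status:16} {entry}")
    for entry in new_entries(BEFORE, AFTER):
        print(f"{'new since fix':16} {entry}")
```
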

#6
TheCotton
New Member, Topic Starter, 7 posts
andrewuk,

Here are the logs from those scans!
My PC is running fine but my internet is still ridiculously slow! I have checked all the cables and connections!

Anyway here are the logs

KASPERSKY ONLINE SCANNER REPORT
Wednesday, November 14, 2007 8:43:11 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/11/2007
Kaspersky Anti-Virus database records: 457951
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan Statistics
Total number of scanned objects 59898
Number of viruses found 0
Number of infected objects 0
Number of suspicious objects 0
Duration of the scan process 00:34:13

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\acccore\nss\cert8.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\acccore\nss\key3.db Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\AOL OCP\AIM\Storage\data\catchincotton\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP27\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_PCI Soft Data Fax Modem with SmartCP.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{C04FDB96-EF1B-47F9-B5C5-99B80CA04CAA}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{DD5D427F-4DA1-4613-865F-6BE52F79BEE7}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_5f8.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.




Deckard's System Scanner v20071014.68
Run by Owner on 2007-11-14 08:50:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
29: 2007-11-14 13:50:12 UTC - RP29 - Deckard's System Scanner Restore Point
28: 2007-11-14 12:50:16 UTC - RP28 - System Checkpoint
27: 2007-11-13 06:23:36 UTC - RP27 - System Checkpoint
26: 2007-11-12 00:12:25 UTC - RP26 - System Checkpoint
25: 2007-11-10 18:26:51 UTC - RP25 - System Checkpoint


-- First Restore Point --
1: 2007-10-31 03:56:03 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:58 AM, on 11/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...h...TP&M=GT4016
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...TP&M=GT4016
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 5672 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071113-212800-142 O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
backup-20071113-212800-747 O4 - HKCU\..\Run: [Power2GoExpress] NA
backup-20071113-212800-956 O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
backup-20071113-212800-967 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\304CABE40CA07
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\304CABE40CA07
Service: NIC1394


-- Files created between 2007-10-14 and 2007-11-14 -----------------------------

2007-11-13 22:02:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-13 22:02:13 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-13 22:02:12 0 d-------- C:\WINDOWS\LastGood
2007-11-08 13:43:20 0 d-------- C:\Program Files\Trend Micro
2007-11-07 18:03:18 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-07 16:22:29 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2007-11-07 16:04:53 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-07 16:04:38 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-11-07 16:04:38 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2007-11-07 16:04:20 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-07 14:40:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-11-07 13:56:17 0 d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2007-11-07 13:56:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-05 23:25:04 0 d-------- C:\Program Files\burst
2007-11-05 22:49:26 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-11-05 22:49:26 0 d-------- C:\Program Files\FireTune
2007-11-05 22:13:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-11-03 21:00:23 0 d-------- C:\Documents and Settings\Owner\Application Data\CyberLink
2007-11-03 20:59:22 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-11-03 00:54:21 0 d-------- C:\Program Files\MSXML 4.0
2007-11-03 00:12:29 0 d-------- C:\WINDOWS\Sun
2007-11-03 00:12:29 0 d-------- C:\Documents and Settings\Owner\Application Data\Sun
2007-11-02 20:08:42 0 d-------- C:\WINDOWS\system32\PreInstall
2007-11-02 19:29:06 0 d-------- C:\Program Files\Absolute Poker
2007-11-02 19:29:03 0 d-------- C:\Program Files\_uninstallation_info
2007-11-02 19:05:29 0 d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2007-11-02 19:05:26 0 d-------- C:\Program Files\Winamp Remote
2007-11-02 19:04:57 0 d-------- C:\Program Files\Winamp
2007-11-02 19:04:57 0 d-------- C:\Documents and Settings\Owner\Application Data\Winamp
2007-11-02 18:56:06 0 d-------- C:\Documents and Settings\Owner\Application Data\acccore
2007-11-02 18:55:34 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-11-02 18:55:17 0 d-------- C:\Program Files\AIM6
2007-11-02 18:38:23 1092 --a------ C:\WINDOWS\checkip.dat
2007-10-31 22:42:07 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2007-10-31 22:42:04 1156 --a------ C:\WINDOWS\mozver.dat
2007-10-31 21:10:34 0 d---s---- C:\Documents and Settings\Owner\UserData
2007-10-31 00:03:44 0 d-------- C:\Documents and Settings\Owner\Application Data\Google
2007-10-30 23:27:31 0 d-------- C:\Program Files\Alwil Software
2007-10-30 23:07:58 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2007-10-30 23:00:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-10-30 22:56:39 0 d-------- C:\WINDOWS\system32\Lang
2007-10-30 22:56:15 0 d-------- C:\Documents and Settings\Owner\WINDOWS
2007-10-30 22:56:15 0 d--h----- C:\Documents and Settings\Owner\Templates
2007-10-30 22:56:15 0 dr------- C:\Documents and Settings\Owner\Start Menu
2007-10-30 22:56:15 0 dr-h----- C:\Documents and Settings\Owner\SendTo
2007-10-30 22:56:15 0 dr-h----- C:\Documents and Settings\Owner\Recent
2007-10-30 22:56:15 0 d--h----- C:\Documents and Settings\Owner\PrintHood
2007-10-30 22:56:15 1572864 --ah----- C:\Documents and Settings\Owner\NTUSER.DAT
2007-10-30 22:56:15 0 d--h----- C:\Documents and Settings\Owner\NetHood
2007-10-30 22:56:15 0 dr------- C:\Documents and Settings\Owner\My Documents
2007-10-30 22:56:15 0 d--h----- C:\Documents and Settings\Owner\Local Settings
2007-10-30 22:56:15 0 dr------- C:\Documents and Settings\Owner\Favorites
2007-10-30 22:56:15 0 d-------- C:\Documents and Settings\Owner\Desktop
2007-10-30 22:56:15 0 d---s---- C:\Documents and Settings\Owner\Cookies
2007-10-30 22:56:15 0 dr-h----- C:\Documents and Settings\Owner\Application Data
2007-10-30 22:56:15 0 d-------- C:\Documents and Settings\Owner\Application Data\You've Got Pictures Screensaver
2007-10-30 22:56:15 0 d-------- C:\Documents and Settings\Owner\Application Data\SampleView
2007-10-30 22:56:15 0 d-------- C:\Documents and Settings\Owner\Application Data\Identities
2007-10-30 22:56:15 0 d-------- C:\Documents and Settings\Owner\Application Data\AOL
2007-10-30 22:55:50 0 d-------- C:\Documents and Settings\Default User\Application Data\You've Got Pictures Screensaver
2007-10-30 22:55:50 0 d-------- C:\Documents and Settings\Default User\Application Data\SampleView
2007-10-30 22:55:50 0 d-------- C:\Documents and Settings\Default User\Application Data\AOL
2007-10-30 22:41:21 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-10-30 22:32:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2007-10-30 17:22:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2007-10-30 17:10:50 0 d-------- C:\Program Files\McAfee.com
2007-10-30 17:10:32 67072 --a------ C:\WINDOWS\POWERCFG.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-30 17:10:00 0 d-------- C:\Program Files\Microsoft Money 2006
2007-10-30 17:09:51 0 d-------- C:\Program Files\BigFix
2007-10-30 17:09:14 0 d-------- C:\Program Files\Microsoft Works
2007-10-30 17:09:02 0 d-------- C:\Program Files\MSN Encarta Plus
2007-10-30 17:08:40 0 d-------- C:\Program Files\Digital Media Reader
2007-10-30 17:08:33 0 d-------- C:\WINDOWS\Downloaded Installations
2007-10-30 17:07:53 0 d-------- C:\Program Files\Common Files\Nullsoft
2007-10-30 17:07:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2007-10-30 17:07:41 86016 --a------ C:\WINDOWS\unvise32qt.exe <Not Verified; MindVision; Installer VISE 2.8.3>
2007-10-30 17:07:36 0 d-------- C:\WINDOWS\system32\QuickTime
2007-10-30 17:07:36 0 d-------- C:\Program Files\QuickTime
2007-10-30 17:07:36 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2007-10-30 17:07:32 0 d-------- C:\My Music
2007-10-30 17:07:31 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
2007-10-30 17:07:28 0 d-------- C:\Program Files\Real
2007-10-30 17:07:28 0 d-------- C:\Program Files\Common Files\Real
2007-10-30 17:07:23 102400 --a------ C:\WINDOWS\system32\SimpleRegistry.dll <Not Verified; 4Developers LLC; SimpleRegistry Control>
2007-10-30 17:07:23 10752 --a------ C:\WINDOWS\system32\aamd532.dll <Not Verified; Almeida & Andrade Ltda; MD5 Maker DLL>
2007-10-30 17:07:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-30 17:07:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2007-10-30 17:07:16 0 d-------- C:\Program Files\Pure Networks
2007-10-30 17:06:48 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-10-30 17:06:41 335 --a------ C:\WINDOWS\nsreg.dat
2007-10-30 17:06:41 0 d-------- C:\Program Files\Common Files\AOL
2007-10-30 17:06:31 0 d-------- C:\Program Files\Common Files\Roxio Shared
2007-10-30 17:06:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Napster
2007-10-30 17:06:14 0 d-------- C:\Program Files\Napster
2007-10-30 17:05:37 0 d-------- C:\WINDOWS\system32\RTCOM
2007-10-30 17:05:37 40960 --a------ C:\WINDOWS\system32\ChCfg.exe
2007-10-30 17:05:34 0 d-------- C:\Program Files\Realtek
2007-10-30 17:05:30 487424 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2007-10-30 17:05:09 550912 --a------ C:\WINDOWS\zHotkey.exe <Not Verified; ; Multimedia Keyboard Driver>
2007-10-30 17:05:09 36864 --a------ C:\WINDOWS\ShowWnd.exe
2007-10-30 17:05:09 532544 --a------ C:\WINDOWS\PIC.dll
2007-10-30 17:05:09 4223 --a------ C:\WINDOWS\mHotkey.reg
2007-10-30 17:05:09 24576 --a------ C:\WINDOWS\HKNTDLL.dll
2007-10-30 17:05:09 11776 --a------ C:\WINDOWS\HIDMNT.dll
2007-10-30 17:04:41 0 d-------- C:\WINDOWS\nview
2007-10-30 17:04:23 4 --a------ C:\WINDOWS\Pix11.dat
2007-10-30 17:04:08 0 d-------- C:\Program Files\Microsoft Digital Image 2006
2007-10-30 17:03:55 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-30 17:03:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-10-30 17:03:37 20480 --a------ C:\WINDOWS\system32\Marker32.exe <Not Verified; Gateway; Marker32>
2007-10-30 17:03:10 0 d-------- C:\Program Files\Java
2007-10-30 17:03:09 0 d-------- C:\Program Files\Common Files\Java
2007-10-30 17:01:28 94208 --a------ C:\WINDOWS\system32\bae.dll <Not Verified; Gateway Inc.; Browser Address Error Redirector>
2007-10-30 17:00:21 2 --a------ C:\AUDIT_INSTALL_IN_PROGRESS
2007-10-30 16:59:24 0 d-------- C:\Documents and Settings\Default User\WINDOWS
2007-10-30 16:59:21 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2007-10-30 16:59:02 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-10-30 16:58:56 0 d-------- C:\WINDOWS\SHELLNEW
2007-10-30 16:58:48 0 d-------- C:\Program Files\Microsoft.NET
2007-10-30 16:58:35 0 dr-h----- C:\MSOCache
2007-10-30 16:56:31 0 d-------- C:\Program Files\Google
2007-10-30 16:54:07 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-30 16:54:07 0 d-------- C:\Program Files\CyberLink
2007-10-30 16:53:50 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-10-30 16:53:46 0 d-------- C:\Program Files\Common Files\New Boundary
2007-10-30 16:53:46 0 d-------- C:\Program Files\Common Files\InstallShield
2007-10-30 16:53:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Prism Deploy
2007-10-30 16:51:39 2 -r-hs---- C:\USER
2007-10-30 16:51:39 2 --a------ C:\REQUEST_OEMRESET_ENDUSER
2007-10-30 16:50:49 0 d-------- C:\Program Files\CONEXANT
2007-10-30 16:49:24 0 d--hs---- C:\System Volume Information
2007-10-30 15:48:03 60 --a------ C:\WINDOWS\system32\SYSDRV.DAT
2007-10-30 15:48:00 0 d-------- C:\WINDOWS\creator
2007-10-30 15:47:14 0 d-------- C:\WINDOWS\SMINST
2007-10-30 15:47:11 0 d-------- C:\WINDOWS\I386


-- Find3M Report ---------------------------------------------------------------

2007-11-07 16:04:20 0 d-------- C:\Program Files\Common Files
2007-10-30 15:47:11 0 d-------- C:\Program Files\Windows NT
2007-10-30 15:47:10 0 d-------- C:\Program Files\Movie Maker
2007-10-30 15:47:09 0 d-------- C:\Program Files\Messenger
2007-10-30 15:44:11 0 d-------- C:\Program Files\Windows Plus
2007-10-30 15:44:11 0 d-------- C:\Program Files\Online Services
2007-10-30 15:44:11 0 d-------- C:\Program Files\MSN Gaming Zone
2007-10-30 15:44:11 0 d-------- C:\Program Files\microsoft frontpage
2007-10-30 15:44:11 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-10-30 15:44:11 0 d-------- C:\Program Files\Common Files\ODBC
2007-10-30 15:44:11 0 d-------- C:\Program Files\Common Files\MSSoap


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 11:56 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/18/2005 11:32 AM]
"nwiz"="nwiz.exe" [09/18/2005 11:32 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [09/18/2005 11:32 AM]
"CHotkey"="zHotkey.exe" [12/08/2004 08:57 PM C:\WINDOWS\zHotkey.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [01/07/2005 08:07 PM C:\WINDOWS\system32\HdAShCut.exe]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [08/27/2005 08:09 AM]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"RTHDCPL"="RTHDCPL.EXE" [09/14/2005 02:38 PM C:\WINDOWS\RTHDCPL.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/2007 06:06 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [10/10/2007 12:28 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/31/2007 09:15 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [10/04/2007 10:20 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [11/07/2007 05:43 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [10/30/2007 5:09:51 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 11/07/2007 05:43 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL




-- End of Deckard's System Scanner: finished at 2007-11-14 08:56:10 ------------

DSSExtra will be in my next post.

#7
TheCotton

    New Member

  • Topic Starter
  • Member
  • 7 posts
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3700+
Percentage of Memory in Use: 46%
Physical Memory (total/avail): 894.42 MiB / 476.43 MiB
Pagefile Memory (total/avail): 2165.5 MiB / 1818.6 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1873.37 MiB

C: is Fixed (NTFS) - 182.22 GiB total, 124.11 GiB free.
D: is Fixed (FAT32) - 4.07 GiB total, 1.39 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3200826A - 186.31 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 182.22 GiB - C:
\PARTITION1 - Unknown - 4.08 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: avast! antivirus 4.7.1043 [VPS 071113-1] v4.7.1043 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1193782009\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1193782009\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\burst\\core-new1.1.3\\btdownloadheadless.exe"="C:\\Program Files\\burst\\core-new1.1.3\\btdownloadheadless.exe:*:Enabled:burst! download engine"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=COTTON
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\COTTON
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 55 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=3702
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=COTTON
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Absolute Poker --> C:\Program Files\_uninstallation_info\Absolute Poker\CasinoUninstall.exe
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BigFix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34FF0741-EC67-4C05-AC2A-6D257123DF2E}\setup.exe" -l0x9 -uninst -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Browser Address Error Redirector --> regsvr32 /u /s "c:\windows\system32\BAE.dll"
burst! v3.1.0 --> "C:\Program Files\burst\uninstall.exe"
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875} /l1033
DVD Solution --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
FireTune --> C:\WINDOWS\iun6002.exe "C:\Program Files\FireTune\irunin.ini"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Microsoft Digital Image Starter Edition 2006 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=11
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (2.0.0.9) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Multimedia Keyboard Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}\Setup.exe" -l0x9
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Power2Go 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IPDRSLSM5K.inf
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Winamp Remote --> "C:\Program Files\Winamp Remote\uninstall.exe"
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows XP Media Center Edition 2005 KB908250 --> "C:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type98 / Error
Event Submitted/Written: 11/14/2007 08:55:03 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type97 / Error
Event Submitted/Written: 11/14/2007 08:53:09 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type96 / Error
Event Submitted/Written: 11/14/2007 08:53:08 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type95 / Error
Event Submitted/Written: 11/14/2007 08:53:08 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type94 / Error
Event Submitted/Written: 11/14/2007 08:53:08 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1440 / Error
Event Submitted/Written: 11/13/2007 09:43:59 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type1439 / Error
Event Submitted/Written: 11/13/2007 09:30:47 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Aavmker4
AFD
aswTdi
AVG Anti-Spyware Driver
Fips
IPSec
MRxSmb
NetBIOS
NetBT
Processor
RasAcd
Rdbss
SASDIFSV
SASKUTIL
Tcpip

Event Record #/Type1438 / Error
Event Submitted/Written: 11/13/2007 09:30:47 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Event Record #/Type1437 / Error
Event Submitted/Written: 11/13/2007 09:30:47 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
%%31

Event Record #/Type1436 / Error
Event Submitted/Written: 11/13/2007 09:30:47 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2007-11-14 08:56:10 ------------




Thank you for all your help
thecotton

#8
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Can I have these files scanned, please:

Jotti File Submissions:

Please go to Jotti's malware scan
Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
C:\WINDOWS\iun6002.exe

Click on the submit button

Please also do the same with the following five files:
C:\WINDOWS\system32\SimpleRegistry.dll
C:\WINDOWS\system32\aamd532.dll
C:\WINDOWS\nsreg.dat
C:\WINDOWS\PIC.dll
C:\WINDOWS\Pix11.dat


Please post the results of the scan in your next reply.

If Jotti is busy, try the same at Virustotal

andrewuk

#9
TheCotton

    New Member

  • Topic Starter
  • Member
  • 7 posts
Here they are.

File: iun6002.exe
Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 456462905091db042141487fe030e3c9
Packers detected: -
Bit9 reports: No threat detected (more info)
Scanner results
Scan taken on 15 Nov 2007 00:08:18 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing



File: SimpleRegistry.dll
Status: OK
MD5: b82c834bdb716176dd9ce01ef19d7199
Packers detected: -
Bit9 reports: No threat detected (more info)
Scanner results
Scan taken on 15 Nov 2007 00:12:50 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing



File: aamd532.dll
Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: cefd956a1ef122cda4d53007bab6c694
Packers detected: -
Bit9 reports: No threat detected (more info)
Scanner results
Scan taken on 15 Nov 2007 00:17:31 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing



File: nsreg.dat
Status: OK
MD5: c76c4569d2ee1daa7f5eefc9fa2c454d
Packers detected: -
Bit9 reports: Not analyzed yet (more info)
Scanner results
Scan taken on 15 Nov 2007 00:21:29 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing




File: PIC.dll
Status: OK
MD5: d98b44ee60109f8ebd94adb4379eb2f2
Packers detected: -
Bit9 reports: No threat detected (more info)
Scanner results
Scan taken on 15 Nov 2007 00:25:13 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing



File: Pix11.dat
Status: OK
MD5: 59660d265e55bba85f0c6efa0523d3da
Packers detected: -
Bit9 reports: File not found
Scanner results
Scan taken on 15 Nov 2007 00:26:33 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing


Thanks
Cotton

#10
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hello Thecotton
I'm sorry for the delay; I meant to post this a few days ago.


Download WinAudit from here:

http://www.psdu506.d...uk/WinAudit.exe

Click on WinAudit.exe, then on Options. Click on None to clear the checkmarks. Select Memory and click on Apply. Click on Audit.

Once finished, select Memory and click on Save. Save the report on your desktop as a .txt document and post its contents in a reply.

#11
TheCotton

    New Member

  • Topic Starter
  • Member
  • 7 posts
Here are the results from that scan!
I unplugged my internet modem and cable modem the other day, pulled everything out and hooked it all back up, and my internet is running a little bit faster; not perfect, but better.
I am wondering if there is something wrong with the physical plugs in the back of my router. I have a Linksys VOIP wireless router with Vonage; I am not using the Vonage side of the router.
Has anyone heard of anyone having problems with this router? I have noticed it gets very hot?!?!?
I am thinking of buying a standard Linksys wireless router just to make sure it is not the router!
Thanks for all the help.

Cotton

Attached Files


#12
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
That seems fine.
I would suggest you start a new topic in the networking forum; this is not a malware issue.

#13
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.