Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Here we go again... Spyware attack on my computer!

Started by PixelHappy , Dec 28 2007 12:37 PM

  • This topic is locked This topic is locked

#1
PixelHappy
Posted 28 December 2007 - 12:37 PM

PixelHappy

    Member

  • Member
  • PipPip
  • 47 posts
I can't upload any files and everytime I click on a link, it redirects to a spam site.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:35:18 PM, on 12/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Kodak AiO Device Service (KodakSvc) - SDSD - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)

--
End of file - 2143 bytes
  • 0

Advertisements

#2
kahdah
Posted 29 December 2007 - 01:10 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Welcome back Pixelhappy :)

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
PixelHappy
Posted 29 December 2007 - 04:01 PM

PixelHappy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Deckard's System Scanner v20071014.68
Run by Jamie Silva on 2007-12-29 16:58:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
9: 2007-12-29 21:58:32 UTC - RP9 - Deckard's System Scanner Restore Point
8: 2007-12-28 18:40:37 UTC - RP8 - Installed BCL easyPDF Printer Driver 5.0.
7: 2007-12-28 17:52:09 UTC - RP7 - Software Distribution Service 3.0
6: 2007-12-28 17:37:29 UTC - RP6 - Spybot-S&D Spyware removal
5: 2007-12-28 17:15:59 UTC - RP5 - Spybot-S&D Spyware removal


-- First Restore Point --
1: 2007-12-25 16:31:16 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Jamie Silva.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:59:29 PM, on 12/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\AstSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jamie Silva\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jamie Silva.exe

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AST Service (astcc) - Advanced Software Technologies - C:\WINDOWS\system32\AstSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Kodak AiO Device Service (KodakSvc) - SDSD - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)

--
End of file - 2275 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071228-124800-119 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
backup-20071228-124800-217 O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
backup-20071228-124800-223 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
backup-20071228-124800-231 O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
backup-20071228-124800-266 O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
backup-20071228-124800-339 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
backup-20071228-124800-355 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
backup-20071228-124800-422 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
backup-20071228-124800-452 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
backup-20071228-124800-554 O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
backup-20071228-124800-661 O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
backup-20071228-124800-708 O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
backup-20071228-124800-903 O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2007\uzqkst.exe
backup-20071228-124800-971 O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
backup-20071228-124816-806 O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
backup-20071228-124817-230 O16 - DPF: {12F9CCA0-CF5B-11D2-B606-008098809FCA} - http://www.phoenix.a....cab?cache=true
backup-20071228-124817-901 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
backup-20071228-124818-101 O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
backup-20071228-124818-429 O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
backup-20071228-124819-627 O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.pho...hxStudent15.CAB
backup-20071228-124819-648 O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia....upv2.0.0.10.cab?
backup-20071228-124820-108 O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
backup-20071228-124820-168 O17 - HKLM\System\CS1\Services\Tcpip\..\{0CCE52FE-DABB-456A-B05F-7992A3973928}: NameServer = 208.67.220.220,208.67.222.222
backup-20071228-124820-225 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
backup-20071228-124820-499 O17 - HKLM\System\CS2\Services\Tcpip\..\{0CCE52FE-DABB-456A-B05F-7992A3973928}: NameServer = 85.255.113.91,85.255.112.238
backup-20071228-124820-520 O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
backup-20071228-124820-538 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
backup-20071228-124820-548 O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
backup-20071228-124820-606 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.91 85.255.112.238
backup-20071228-124820-613 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
backup-20071228-124820-730 O23 - Service: ColdFusion MX 7 ODBC Agent - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swagent.exe
backup-20071228-124820-762 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
backup-20071228-124820-824 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
backup-20071228-124820-873 O17 - HKLM\System\CCS\Services\Tcpip\..\{63C84492-5472-4FB3-A898-08A82CAFA0AD}: NameServer = 85.255.113.91,85.255.112.238
backup-20071228-124820-920 O23 - Service: ColdFusion MX 7 ODBC Server - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
backup-20071228-124820-990 O17 - HKLM\System\CCS\Services\Tcpip\..\{0CCE52FE-DABB-456A-B05F-7992A3973928}: NameServer = 208.67.220.220,208.67.222.222
backup-20071228-124843-278 O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
backup-20071228-124843-342 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
backup-20071228-124843-387 O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
backup-20071228-124843-630 O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
backup-20071228-124843-644 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
backup-20071228-124843-684 O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
backup-20071228-124843-776 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
backup-20071228-124843-836 O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
backup-20071228-124843-857 O23 - Service: Kodak AiO Device Service (KodakSvc) - SDSD - C:\Program Files\Kodak\printer\center\KodakSvc.exe
backup-20071228-124843-868 O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
backup-20071228-124843-932 O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
backup-20071228-133442-415 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
backup-20071228-133443-150 O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
backup-20071228-133443-253 O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
backup-20071228-133443-755 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
backup-20071228-133443-787 O23 - Service: Kodak AiO Device Service (KodakSvc) - SDSD - C:\Program Files\Kodak\printer\center\KodakSvc.exe
backup-20071228-133443-915 O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
backup-20071228-133443-922 O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
backup-20071228-133443-965 O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
backup-20071228-133443-976 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
backup-20071228-133453-414 O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
backup-20071228-133453-461 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
backup-20071228-133453-575 O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
backup-20071228-133453-639 O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
backup-20071228-133453-656 O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
backup-20071228-133453-724 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
backup-20071228-133453-910 O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
backup-20071228-133453-931 O23 - Service: Kodak AiO Device Service (KodakSvc) - SDSD - C:\Program Files\Kodak\printer\center\KodakSvc.exe
backup-20071228-133453-985 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

-- File Associations -----------------------------------------------------------

.js - unable to read key
.js - unable to read key
.txt - unable to read key
.txt - unable to read key


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>

S3 catchme - c:\docume~1\jamies~1\locals~1\temp\catchme.sys (file missing)
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 astcc (AST Service) - c:\windows\system32\astsrv.exe <Not Verified; Advanced Software Technologies; A.S.T Copy Protection>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 KodakSvc (Kodak AiO Device Service) - "c:\program files\kodak\printer\center\kodaksvc.exe" <Not Verified; SDSD; KodakSvc>

S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S3 sdAuxService (PC Tools Auxiliary Service) - c:\program files\spyware doctor\svcntaux.exe (file missing)
S3 sdCoreService (PC Tools Security Service) - c:\program files\spyware doctor\swdsvc.exe (file missing)
S4 ColdFusion MX 7 Application Server - "c:\cfusionmx7\runtime\bin\jrunsvc.exe" <Not Verified; Macromedia Inc.; Macromedia JRun Application Server>
S4 ColdFusion MX 7 ODBC Agent - c:\cfusionmx7\db\slserver54\bin\swagent.exe "coldfusion mx 7 odbc agent"
S4 ColdFusion MX 7 ODBC Server - c:\cfusionmx7\db\slserver54\bin\swstrtr.exe "coldfusion mx 7 odbc server"
S4 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-12-23 19:53:52 448 --a------ C:\WINDOWS\Tasks\EasyShare Registration Task.job
2007-12-22 19:53:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-11-29 and 2007-12-29 -----------------------------

2007-12-29 00:06:51 5 --a------ C:\WINDOWS\system32\sdfixwcs.dll
2007-12-28 16:55:32 8 --a------ C:\WINDOWS\system32\rasqervy.dll
2007-12-28 16:55:26 8 --a------ C:\WINDOWS\system32\sdfinacs.dll
2007-12-28 16:43:48 103 --a------ C:\WINDOWS\system32\wuasirvy.dll
2007-12-28 14:11:55 0 d-------- C:\VundoFix Backups
2007-12-28 14:10:12 0 d-------- C:\Program Files\Enigma Software Group
2007-12-28 13:40:42 0 d-------- C:\Program Files\Common Files\BCL Technologies
2007-12-28 13:40:42 0 d-------- C:\Program Files\BCL Technologies
2007-12-28 12:40:52 0 d-------- C:\Program Files\Trend Micro
2007-12-24 17:21:41 0 d-------- C:\Program Files\UltimateZip 2007
2007-12-24 14:42:53 0 d-------- C:\Program Files\Bonjour
2007-12-24 14:26:18 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-17 18:24:59 0 d-------- C:\WINDOWS\network diagnostic
2007-12-13 19:19:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-13 19:19:01 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-11 21:20:19 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-11 21:20:09 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-11 21:20:09 0 d-------- C:\Documents and Settings\Jamie Silva\Application Data\SUPERAntiSpyware.com


-- Find3M Report ---------------------------------------------------------------

2007-12-29 12:48:42 0 d-------- C:\Documents and Settings\Jamie Silva\Application Data\AVG7
2007-12-28 13:40:42 0 d-a------ C:\Program Files\Common Files
2007-12-26 15:57:01 47896 --a------ C:\Documents and Settings\Jamie Silva\Application Data\GDIPFONTCACHEV1.DAT
2007-12-24 17:05:47 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-24 17:03:15 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-24 15:42:09 0 d-------- C:\Documents and Settings\Jamie Silva\Application Data\Adobe
2007-12-18 18:44:11 0 d-------- C:\Program Files\QuickTime
2007-12-14 16:15:19 0 d-------- C:\Program Files\Google
2007-11-27 19:26:02 0 d-------- C:\Program Files\SmartDraw 2008
2007-11-27 19:11:40 0 d-------- C:\Program Files\LimeWire
2007-11-25 12:57:42 0 d-------- C:\Program Files\Lavasoft
2007-11-22 19:00:15 0 d-------- C:\Documents and Settings\Jamie Silva\Application Data\BitTorrent


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"="" []

C:\Documents and Settings\Jamie Silva\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 9:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 9:00:00 AM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq.com]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"




-- End of Deckard's System Scanner: finished at 2007-12-29 17:00:16 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.66GHz
Percentage of Memory in Use: 34%
Physical Memory (total/avail): 1278 MiB / 836.55 MiB
Pagefile Memory (total/avail): 1517.26 MiB / 1258.2 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1933.98 MiB

C: is Fixed (NTFS) - 37.21 GiB total, 11.65 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST340014A - 37.25 GiB - 2 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 37.21 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG 7.5.516 v7.5.516 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Disabled:bittorrent"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\Explorer.EXE"="C:\\WINDOWS\\Explorer.EXE:*:Enabled:enable"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jamie Silva\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JAMIE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jamie Silva
LOGONSERVER=\\JAMIE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\CFusionMX7\verity\k2\_nti40\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\WINDOWS\System32\gs\gs7.05\bin;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JAMIES~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\JAMIES~1\LOCALS~1\Temp
USERDOMAIN=JAMIE
USERNAME=Jamie Silva
USERPROFILE=C:\Documents and Settings\Jamie Silva
VERITY_CFG=C:\CFusionMX7\verity\k2\common\verity.cfg
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Jamie Silva (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {8855FF30-19CE-4CB1-A654-87B38369CCE1}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\5bc0f8414ec36c555a3e7e5ec2e225e\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Setup --> MsiExec.exe /I{2274624C-5B38-41AD-AD27-CEC0924EB628}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Setup --> MsiExec.exe /I{D504303A-717D-414C-BA9F-FE01093E2EF8}
Adobe Stock Photos CS3 --> C:\Program Files\Common Files\Adobe\Installers\cbb2ea61da9c780bd7e47a5230a9ed7\Setup.exe
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
aiofw --> MsiExec.exe /I{791E3D44-33D3-4446-82AD-5CD4B0169083}
aioprnt --> MsiExec.exe /I{2A97D5B3-A989-47E1-B207-1CA9E3635655}
aioscnnr --> MsiExec.exe /I{C0251585-1BE8-4278-B3CB-964B6E01C59D}
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
BCL easyPDF Printer Driver 5.0 --> MsiExec.exe /I{8D7574B1-49D7-41E6-9C2E-6B49A8619E64}
Broadcom Management Programs --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{89EE857B-8970-4F9F-AB58-A1C873AC72B3} /l1033
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
center --> MsiExec.exe /I{79E41D91-BA1C-44B9-9358-48E598263ECF}
Citrix Presentation Server Client --> MsiExec.exe /I{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}
Conexant SmartHSFi V.9x 56K DF PCI Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2702\HXFSETUP.EXE -U -IDel8d8xk.INF
Dell AIO Printer A920 --> C:\WINDOWS\System32\spool\drivers\w32x86\3\DLBKUN5C.EXE -dDell AIO Printer A920
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
FaxTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
Help_CTR --> MsiExec.exe /I{0996C331-6DCB-4E38-A3EC-0A77ABAE1361}
helptut --> MsiExec.exe /I{843081BD-351F-46FC-8A17-517A0D9117A3}
helpug --> MsiExec.exe /I{DC626A21-EDF1-40C7-8F2F-D2BA7535529F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Deskjet 3900 series --> C:\Program Files\HP\Digital Imaging\{3819891A-030B-4a4e-98ED-B28A649E48AB}\setup\hpzscr01.exe -datfile hpfscr05.dat
HP Image Zone Express --> MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 5.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
Investment Performance Calculator - 2.01 --> "C:\Program Files\Investment Performance Calculator\unins001.exe"
Investment Performance Calculator Version 3.0 --> "C:\Program Files\Investment Performance Calculator\unins000.exe"
iTunes --> MsiExec.exe /I{553E56C3-7AA1-45FE-A2FC-2C43DC27F765}
J2SE Runtime Environment 5.0 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
Java 2 Runtime Environment, SE v1.4.2_01 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142010}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
kgcbaby --> MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgchday --> MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn --> MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt --> MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids --> MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove --> MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday --> MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
ksdip --> MsiExec.exe /I{73F1681F-ADE1-461F-9F18-B7640507D395}
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
MicroStaff WINASPI --> C:\MWASPI\uninst.exe
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
netbrdg --> MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
OfotoNow --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2875A5F5-E613-4F99-9B47-8882C9DD24A5}\Setup.exe" -l0x9 anything
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealOne Player --> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
Rio Internet Update --> MsiExec.exe /X{493F2531-C2E5-4B73-8B11-66E9CFDA9AFA}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
Shockwave --> C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~1\Install.log
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Stomp RecordNow MAX --> MsiExec.exe /I{8855FF30-19CE-4CB1-A654-87B38369CCE1}
UltimateZip 2007 --> "C:\Program Files\UltimateZip 2007\unins000.exe"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type8504 / Error
Event Submitted/Written: 12/28/2007 02:24:08 PM
Event ID/Source: 100 / AVG7
Event Description:
2007-12-28 19:24:08,109 JAMIE [001656:001668] ERROR 000 AVG7.WTS.CAvgAmWts ProcessIdToSessionId(3660) call failed with WIN32 error 87, returning session id is 0

Event Record #/Type8492 / Warning
Event Submitted/Written: 12/28/2007 11:33:20 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{90280409-6000-11D3-8CFE-0050048383C9}', feature 'SpellingAndGrammarFiles_1036' failed during request for component '{E938403A-9432-11D2-900A-00805F9B1201}'

Event Record #/Type8485 / Error
Event Submitted/Written: 12/27/2007 03:19:31 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module kernel32.dll, version 5.1.2600.3119, fault address 0x0000976f.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type8442 / Error
Event Submitted/Written: 12/20/2007 09:12:36 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Photoshop.exe, version 7.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type8436 / Error
Event Submitted/Written: 12/18/2007 05:19:24 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application WINWORD.EXE, version 10.0.2627.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type30261 / Warning
Event Submitted/Written: 12/28/2007 01:40:49 PM
Event ID/Source: 20 / Print
Event Description:
Printer Driver easyPDF Printer 5 for Windows NT x86 Version-3 was added or updated. Files:- epdpdrv5.dll, epdpdui5.dll, epdfd5.rsb.

Event Record #/Type30233 / Error
Event Submitted/Written: 12/28/2007 00:59:31 PM
Event ID/Source: 20 / Windows Update Agent
Event Description:
Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 7 for Windows XP.

Event Record #/Type30197 / Warning
Event Submitted/Written: 12/28/2007 11:31:56 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type30196 / Warning
Event Submitted/Written: 12/28/2007 09:41:25 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type30193 / Warning
Event Submitted/Written: 12/28/2007 08:45:59 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2007-12-29 17:00:16 ------------
  • 0

#4
kahdah
Posted 29 December 2007 - 04:33 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download ComboFix from Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#5
PixelHappy
Posted 31 December 2007 - 10:57 AM

PixelHappy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
ComboFix 07-12-21.4 - Jamie Silva 2007-12-29 20:26:58.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.876 [GMT -5:00]
Running from: C:\Documents and Settings\Jamie Silva\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ctfmon.dll
C:\WINDOWS\system32\rasqervy.dll
C:\WINDOWS\system32\sdfinacs.dll
C:\WINDOWS\system32\wuasirvy.dll

.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-31 )))))))))))))))))))))))))))))))
.

2007-12-29 16:58 . 2007-12-29 16:58 <DIR> d-------- C:\Deckard
2007-12-29 00:06 . 2007-12-29 20:27 5 --a------ C:\WINDOWS\SYSTEM32\sdfixwcs.dll
2007-12-28 16:43 . 2007-12-29 00:07 17,920 --a------ C:\WINDOWS\msacm32.drv
2007-12-28 14:11 . 2007-12-28 14:11 <DIR> d-------- C:\VundoFix Backups
2007-12-28 14:10 . 2007-12-28 14:10 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-12-28 13:40 . 2007-12-28 13:40 <DIR> d-------- C:\Program Files\Common Files\BCL Technologies
2007-12-28 13:40 . 2007-12-28 13:40 <DIR> d-------- C:\Program Files\BCL Technologies
2007-12-28 12:40 . 2007-12-28 12:40 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-24 17:21 . 2007-12-28 08:01 <DIR> d-------- C:\Program Files\UltimateZip 2007
2007-12-24 14:42 . 2007-12-24 14:42 <DIR> d-------- C:\Program Files\Bonjour
2007-12-24 14:26 . 2007-12-24 14:26 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-18 17:39 . 2007-12-18 17:39 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2007-12-18 17:39 . 2007-12-18 17:39 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2007-12-17 18:24 . 2006-06-03 06:40 33,792 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\custsat.dll
2007-12-17 18:04 . 2007-12-17 18:04 250 --a------ C:\WINDOWS\gmer.ini
2007-12-13 19:19 . 2007-12-13 19:19 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2007-12-13 19:19 . 2007-12-13 19:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-11 21:20 . 2007-12-24 17:05 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-11 21:20 . 2007-12-24 17:05 <DIR> d-------- C:\Documents and Settings\Jamie Silva\Application Data\SUPERAntiSpyware.com
2007-12-11 21:20 . 2007-12-11 21:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-09 15:57 . 2007-12-15 08:58 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-09 15:57 . 2007-12-09 15:57 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-27 21:39 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll
2007-11-25 12:57 . 2007-11-25 12:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-25 12:56 . 2007-12-24 17:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-29 17:48 --------- d-----w C:\Documents and Settings\Jamie Silva\Application Data\AVG7
2007-12-26 20:57 47,896 ----a-w C:\Documents and Settings\Jamie Silva\Application Data\GDIPFONTCACHEV1.DAT
2007-12-24 22:03 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-18 23:44 --------- d-----w C:\Program Files\QuickTime
2007-12-14 21:15 --------- d-----w C:\Program Files\Google
2007-11-28 00:26 --------- d-----w C:\Program Files\SmartDraw 2008
2007-11-28 00:11 --------- d-----w C:\Program Files\LimeWire
2007-11-25 17:57 --------- d-----w C:\Program Files\Lavasoft
2007-11-23 00:00 --------- d-----w C:\Documents and Settings\Jamie Silva\Application Data\BitTorrent
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
2007-04-03 08:54 753664 --a------ C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq.com]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-06-01 16:51 257088 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-03-14 03:43 83608 --a------ C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

R2 KodakSvc;Kodak AiO Device Service;"C:\Program Files\Kodak\printer\center\KodakSvc.exe" [2007-03-22 18:04]
S4 ColdFusion MX 7 Application Server;ColdFusion MX 7 Application Server;"C:\CFusionMX7\runtime\bin\jrunsvc.exe" [2006-06-13 10:30]
S4 ColdFusion MX 7 ODBC Agent;ColdFusion MX 7 ODBC Agent;C:\CFusionMX7\db\slserver54\bin\swagent.exe "ColdFusion MX 7 ODBC Agent" []
S4 ColdFusion MX 7 ODBC Server;ColdFusion MX 7 ODBC Server;C:\CFusionMX7\db\slserver54\bin\swstrtr.exe "ColdFusion MX 7 ODBC Server" []

.
Contents of the 'Scheduled Tasks' folder
"2007-12-30 00:53:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-24 00:53:52 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.1.20.7.sxt _RegistrationOffer@16
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-31 11:48:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-31 11:50:05 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-17 18:03
C:\ComboFix3.txt ... 2007-12-16 20:07
.
2007-12-28 17:59:26 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:37 AM, on 12/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\AstSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{0CCE52FE-DABB-456A-B05F-7992A3973928}: NameServer = 85.255.113.91,85.255.112.238
O17 - HKLM\System\CCS\Services\Tcpip\..\{61820C7F-1F2D-4EC6-AC52-4AA4C5CE956B}: NameServer = 85.255.113.91,85.255.112.238
O17 - HKLM\System\CCS\Services\Tcpip\..\{63C84492-5472-4FB3-A898-08A82CAFA0AD}: NameServer = 85.255.113.91,85.255.112.238
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.91 85.255.112.238
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CCE52FE-DABB-456A-B05F-7992A3973928}: NameServer = 85.255.113.91,85.255.112.238
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.91 85.255.112.238
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AST Service (astcc) - Advanced Software Technologies - C:\WINDOWS\system32\AstSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Kodak AiO Device Service (KodakSvc) - SDSD - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)

--
End of file - 3188 bytes
  • 0

#6
kahdah
Posted 31 December 2007 - 01:51 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download FixWareout from here:
http://downloads.sub.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log
  • 0

#7
PixelHappy
Posted 31 December 2007 - 06:16 PM

PixelHappy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Username "Jamie Silva" - 12/31/2007 19:11:30 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdpsi.exe"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.113.91 85.255.112.238" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{0CCE52FE-DABB-456A-B05F-7992A3973928}
"nameserver"="85.255.113.91,85.255.112.238" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{61820C7F-1F2D-4EC6-AC52-4AA4C5CE956B}
"nameserver"="85.255.113.91,85.255.112.238" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{63C84492-5472-4FB3-A898-08A82CAFA0AD}
"nameserver"="85.255.113.91,85.255.112.238" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{0CCE52FE-DABB-456A-B05F-7992A3973928}
"DhcpNameServer"="85.255.113.91,85.255.112.238" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{61820C7F-1F2D-4EC6-AC52-4AA4C5CE956B}
"DhcpNameServer"="85.255.113.91,85.255.112.238" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{63C84492-5472-4FB3-A898-08A82CAFA0AD}
"DhcpNameServer"="85.255.113.91,85.255.112.238" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Other
C:\WINDOWS\TEMP\kdpsi.ren 76288 06/13/2007


C:\Program Files\UltimateZip 2007 < Found
Additional tools are recommended.

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"RegistryMechanic"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\AdobeUpdater]
....
Hosts file was reset, If you use a custom hosts file please replace it...
C:\WINDOWS\System32\AUTOEXEC.NT missing
~~~~~ End report ~~~~~



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:15:40 PM, on 12/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\AstSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AST Service (astcc) - Advanced Software Technologies - C:\WINDOWS\system32\AstSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Kodak AiO Device Service (KodakSvc) - SDSD - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)

--
End of file - 2430 bytes
  • 0

#8
kahdah
Posted 31 December 2007 - 07:19 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\SYSTEM32\sdfixwcs.dll

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
    Click "Exit" to close OTMoveIt.

    **When ready to Reply on the forum, please Paste the content of the latest log which is located at the root of the drive where the OTMoveIt folder is:
    C:\_OTMoveIt\MovedFiles\********_******.log
    (where "********_******" is the "date_time")
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=====================================
I would like for you to run Fixwareout again please.
Save the log to post in your next reply along with the following:

If SUperantispyware is still installed then you don't have to download it again.

Please download SUPERAntiSpyware Home Edition (free version).
–Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Scan for Alternate Data streams
  • Terminate memory threats before quarantining.
  • Please leave the others unchecked.
  • Click the Close button to leave the control center screen.

*Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

Then run Superantispyware.
  • Double click on the icon to start Superantispyware.
  • On the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
1. To retrieve the removal information for me please do the following:
2. After reboot, double-click the SUPERAntispyware icon on your desktop.
3. Click Preferences. Click the Statistics/Logs tab.
4. Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
5. It will open in your default text editor (such as Notepad/Wordpad).
6. Please highlight everything in the notepad, then right-click and choose copy.
7. Click close and close again to exit the program.
Save the log information. If needed (still infected) paste this info along with your HijackThis log and the Fixwareout log and the OTMove it log.

Edited by kahdah, 31 December 2007 - 07:28 PM.

  • 0

#9
PixelHappy
Posted 01 January 2008 - 06:44 PM

PixelHappy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
LoadLibrary failed for C:\WINDOWS\SYSTEM32\sdfixwcs.dll
C:\WINDOWS\SYSTEM32\sdfixwcs.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\sdfixwcs.dll moved successfully.

Created on 01/01/2008 10:42:20


Username "Jamie Silva" - 01/01/2008 10:43:05 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Other
C:\WINDOWS\TEMP\kdpsi.ren 76288 06/13/2007


C:\Program Files\UltimateZip 2007 < Found
Additional tools are recommended.

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"RegistryMechanic"=""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\AdobeUpdater]
....
Hosts file was reset, If you use a custom hosts file please replace it...
C:\WINDOWS\System32\AUTOEXEC.NT missing
~~~~~ End report ~~~~~



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:43:34 PM, on 1/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\AstSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AST Service (astcc) - Advanced Software Technologies - C:\WINDOWS\system32\AstSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Kodak AiO Device Service (KodakSvc) - SDSD - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)

--
End of file - 2806 bytes
  • 0

#10
kahdah
Posted 01 January 2008 - 07:01 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\TEMP\kdpsi.ren
    C:\Program Files\UltimateZip 2007

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
    Click "Exit" to close OTMoveIt.

    **When ready to Reply on the forum, please Paste the content of the latest log which is located at the root of the drive where the OTMoveIt folder is:
    C:\_OTMoveIt\MovedFiles\********_******.log
    (where "********_******" is the "date_time")
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Did you run Suoerantispyware do you have the log?
If so can you post it here please.
  • 0

Advertisements

#11
PixelHappy
Posted 02 January 2008 - 08:27 PM

PixelHappy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
C:\WINDOWS\TEMP\kdpsi.ren moved successfully.
C:\Program Files\UltimateZip 2007\skins moved successfully.
C:\Program Files\UltimateZip 2007\sfx moved successfully.
C:\Program Files\UltimateZip 2007\icons moved successfully.
C:\Program Files\UltimateZip 2007 moved successfully.

Created on 01/02/2008 21:26:02

======================================
Sorry I thought I had posted it yesterday. Here you go.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/01/2008 at 02:09 PM

Application Version : 3.9.1008

Core Rules Database Version : 3371
Trace Rules Database Version: 1366

Scan type : Complete Scan
Total Scan Time : 03:17:30

Memory items scanned : 160
Memory threats detected : 0
Registry items scanned : 5773
Registry threats detected : 0
File items scanned : 97707
File threats detected : 47

Adware.Tracking Cookie
C:\Documents and Settings\Jamie Silva\Cookies\jamie [email protected][2].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie silva@partner2profit[1].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie silva@specificclick[2].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie silva@nomediakings[2].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie silva@realmedia[1].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie [email protected][2].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie silva@tribalfusion[2].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie silva@bluestreak[1].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie [email protected][1].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie [email protected][1].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie [email protected][1].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie silva@crackserialkeygen[2].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie silva@media6degrees[1].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie [email protected][2].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie silva@zedo[1].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie silva@questionmarket[1].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie silva@hitbox[2].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie silva@1070299046[1].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie silva@trafficmp[1].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie [email protected][1].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie silva@atdmt[2].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie [email protected][2].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie [email protected][1].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie [email protected][2].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie [email protected][1].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie silva@advertising[1].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie silva@enhance[2].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie [email protected][1].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie [email protected][1].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie silva@tacoda[2].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie silva@warezreleases[1].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie silva@burstnet[2].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie [email protected][2].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie [email protected][2].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie silva@revsci[2].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie silva@adrevolver[3].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie silva@statcounter[1].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie silva@clicksor[2].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie silva@2o7[2].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie silva@mediaplex[1].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie silva@adserver[2].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie silva@adrevolver[1].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie silva@fastclick[1].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie silva@doubleclick[1].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie [email protected][2].txt
C:\Documents and Settings\Jamie Silva\Cookies\jamie [email protected][2].txt

Trojan.Downloader-ChinaHot
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0000359.EXE

================================================
  • 0

#12
kahdah
Posted 02 January 2008 - 08:32 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#13
PixelHappy
Posted 03 January 2008 - 08:39 PM

PixelHappy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
I think they changed the site... I can't find the virus scanner.
  • 0

#14
kahdah
Posted 03 January 2008 - 08:44 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction Here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs,Click Full System Scan
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish,so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.

  • 0

#15
PixelHappy
Posted 05 January 2008 - 10:59 AM

PixelHappy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Scanning Report
Saturday, January 05, 2008 09:14:50 - 11:59:01
Computer name: JAMIE
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\


--------------------------------------------------------------------------------

Result: 43 malware found
Stealth_file (hidden item)
C:\WINDOWS\SYSTEM32\KDAWN.EXE (Submitted)
Tracking Cookie (spyware)
System (Disinfected)
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System (Disinfected)
System (Disinfected)
System (Disinfected)
System (Disinfected)
System (Disinfected)
System
System
System
System
System
System
System
System
System
System
System
System
System
Trojan.Win32.Agent.drt (virus)
C:\WINDOWS\MSACM32.DRV (Renamed & Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0000569.DRV (Renamed & Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0000570.DLL (Renamed & Submitted)
C:\PROGRAM FILES\INTERNET EXPLORER\SETUPAPI.DLL (Renamed & Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 72559
System: 4542
Not scanned: 6
Actions:
Disinfected: 6
Renamed: 4
Deleted: 0
None: 33
Submitted: 5
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{43349428-C482-4DDB-9E0B-4043CBBEE126}.BIN
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0000356.DLL
C:\DECKARD\SYSTEM SCANNER\BACKUP\WINDOWS\TEMP\HSPERFDATA_SYSTEM\476

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure Libra: 2.4.2, 2008-01-04
F-Secure AVP: 7.0.171, 2008-01-04
F-Secure Orion: 1.2.37, 2008-01-04
F-Secure Blacklight: 1.0.64
F-Secure Draco: 1.0.35, 0627-150-72
F-Secure Pegasus: 1.19.0, 2007-11-30
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQXSWF
Use Advanced heuristics

--------------------------------------------------------------------------------

Copyright © 1998-2006 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP