Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Infected PC (Log included) [CLOSED]


  • This topic is locked This topic is locked

#1
Ben Tucker

Ben Tucker

    New Member

  • Member
  • Pip
  • 2 posts
I keep getting ad.yieldmanager.com, adopt.euroclick, humanclick cookie when I do spybot search and destroy scans. Can anyone help me remove them for good?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:37:37 PM, on 1/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\SpywareBot\SpywareBot.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Gateway\EzTune\DTHtml.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ErrorKiller\ErrorKiller.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DT GWY] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -GWY
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ErrorKiller] C:\Program Files\ErrorKiller\ErrorKiller.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1194314509951
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 7813 bytes
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there Ben Tucker spywarebot is a programme of dubious repute, spybot search and destroy is not what you have. May I suggest you uninstall and try this one instead SuperAntispyware Where are the problems reported, as if they are cookies you will allways get them.

As it is there is nothing readilly apparent in your log

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
Ben Tucker

Ben Tucker

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Sorry for the late response. Here is the output you requested.

Deckard's System Scanner v20071014.68
Run by Hobbit on 2008-01-23 16:13:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
137: 2008-01-23 22:13:19 UTC - RP137 - Deckard's System Scanner Restore Point
136: 2008-01-23 08:26:41 UTC - RP136 - Software Distribution Service 3.0
135: 2008-01-22 11:44:57 UTC - RP135 - System Checkpoint
134: 2008-01-21 10:44:57 UTC - RP134 - System Checkpoint
133: 2008-01-20 09:58:53 UTC - RP133 - System Checkpoint


-- First Restore Point --
1: 2007-11-06 15:30:04 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Hobbit.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:14:21 PM, on 1/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\Program Files\SpywareBot\SpywareBot.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\ErrorKiller\ErrorKiller.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Documents and Settings\Hobbit\Desktop\dss.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Hobbit.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DT GWY] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -GWY
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ErrorKiller] C:\Program Files\ErrorKiller\ErrorKiller.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1194314509951
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 7881 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Pivot - c:\windows\system32\drivers\pivot.sys <Not Verified; Portrait Displays, Inc.; Windows ® 2000 DDK driver>

S3 pivotmou (Pivot Mouse/Pointers Filter Driver) - c:\windows\system32\drivers\pivotmou.sys <Not Verified; Portrait Displays, Inc.; Pivot ® Software ®>
S3 ProcAPI - c:\program files\intel corporation\thermal analysis tool\procapi.sys <Not Verified; Intel Corporation; Intel® Processor API>
S3 tat - c:\program files\intel corporation\thermal analysis tool\tat.sys <Not Verified; Intel Corporation; Intel®Thermal Analysis Tool>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 DTSRVC (Portrait Displays Display Tune Service) - c:\program files\common files\portrait displays\shared\dtsrvc.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_81F81043&REV_12\4&625283&0&00E5
Manufacturer: Marvell
Name: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller #2
PNP Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_81F81043&REV_12\4&625283&0&00E5
Service: yukonwxp

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Keyboard
Device ID: ACPI\PNP0303\4&B6AFFD&0
Manufacturer: Logitech
Name: PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&B6AFFD&0
Service: i8042prt


-- Scheduled Tasks -------------------------------------------------------------

2008-01-23 03:30:00 412 --a------ C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job
2008-01-23 03:00:00 490 --a------ C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job
2008-01-23 02:26:50 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-01-22 08:02:28 558 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Hobbit.job


-- Files created between 2007-12-23 and 2008-01-23 -----------------------------

2008-01-16 12:00:19 0 d-------- C:\Program Files\Trend Micro
2008-01-16 09:49:22 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-15 11:23:53 0 d-------- C:\Program Files\Windows Sidebar
2008-01-15 11:23:53 0 d-------- C:\Program Files\Norton AntiVirus
2008-01-14 16:55:32 0 d-------- C:\Documents and Settings\Hobbit\Application Data\SpywareBot
2008-01-14 16:55:24 0 d-------- C:\Program Files\SpywareBot
2008-01-14 16:34:35 0 d-------- C:\Program Files\SpywareBlaster
2008-01-14 16:27:28 0 d-------- C:\Documents and Settings\Hobbit\Application Data\Lavasoft
2008-01-14 16:27:07 0 d-------- C:\Program Files\Lavasoft
2008-01-14 16:25:13 0 d-------- C:\Documents and Settings\Hobbit\Application Data\ErrorKiller
2008-01-14 16:24:47 0 d-------- C:\Program Files\ErrorKiller
2008-01-14 16:08:17 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-01-14 16:06:13 0 d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-01-08 13:06:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-01-08 13:06:46 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-01 23:04:53 0 d-------- C:\Documents and Settings\Hobbit\Application Data\DisplayTune
2008-01-01 23:02:16 2304 --a------ C:\WINDOWS\system32\Machnm32.sys
2008-01-01 23:02:15 62009 --a------ C:\WINDOWS\system32\WPFB.DLL <Not Verified; Portrait Displays, Inc.; Pivot Sofware>
2008-01-01 23:02:15 11323 --a------ C:\WINDOWS\system32\drivers\pivotmou.sys <Not Verified; Portrait Displays, Inc.; Pivot ® Software ®>
2008-01-01 23:02:15 17465 --a------ C:\WINDOWS\system32\drivers\pivot.sys <Not Verified; Portrait Displays, Inc.; Windows ® 2000 DDK driver>
2008-01-01 23:01:59 372736 --a------ C:\WINDOWS\ijl15.dll <Not Verified; Intel Corporation; Intel® JPEG Library>
2008-01-01 23:01:55 0 d-------- C:\Program Files\Gateway
2008-01-01 23:01:55 0 d-------- C:\Program Files\Common Files\Portrait Displays
2007-12-25 22:33:30 0 d-------- C:\Documents and Settings\Hobbit\Application Data\Adobe
2007-12-25 22:33:24 1158 --a------ C:\WINDOWS\mozver.dat
2007-12-25 22:20:39 0 d-------- C:\Documents and Settings\LocalService\Application Data\Mozilla
2007-12-25 19:51:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-12-25 17:43:08 0 d-------- C:\Documents and Settings\Hobbit\Application Data\Talkback
2007-12-25 17:42:51 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-25 17:42:48 0 d-------- C:\Documents and Settings\Hobbit\Application Data\Mozilla


-- Find3M Report ---------------------------------------------------------------

2008-01-22 08:13:01 0 d-------- C:\Program Files\World of Warcraft
2008-01-22 08:11:23 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-20 03:42:38 0 d-------- C:\Program Files\Common Files\Logishrd
2008-01-18 13:57:37 0 d-------- C:\Program Files\Symantec
2008-01-15 11:25:40 0 d-------- C:\Program Files\Common Files
2008-01-01 23:02:30 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-19 10:57:09 0 d-------- C:\Documents and Settings\Hobbit\Application Data\Logitech
2007-12-19 10:55:45 0 d-------- C:\Program Files\Logitech
2007-12-19 10:55:44 0 d-------- C:\Documents and Settings\Hobbit\Application Data\InstallShield
2007-12-15 01:15:51 0 d-------- C:\Documents and Settings\Hobbit\Application Data\Fast Torrent
2007-12-14 21:24:53 0 d-------- C:\Program Files\Fast Torrent
2007-12-08 11:27:03 0 d-------- C:\Program Files\Yahoo!
2007-12-01 19:03:39 0 d-------- C:\Program Files\Windows Defender
2007-11-27 13:07:18 0 d-------- C:\Program Files\Portrait Displays
2007-11-06 09:25:52 0 -rahs---- C:\MSDOS.SYS
2007-11-06 09:25:52 0 -rahs---- C:\IO.SYS
2007-11-06 09:25:52 0 --a------ C:\CONFIG.SYS
2007-11-06 09:25:52 0 --a------ C:\AUTOEXEC.BAT
2007-11-06 09:24:01 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-11-06 01:18:54 62 --ahs---- C:\Documents and Settings\Hobbit\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
01/15/2008 11:25 AM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [08/31/2007 12:01 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [12/18/2006 07:34 AM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [07/13/2006 07:12 AM]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [04/26/2007 04:54 PM]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [04/26/2007 05:22 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/04/2007 05:14 PM]
"nwiz"="nwiz.exe" [10/04/2007 05:14 PM C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/04/2007 05:14 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"PivotSoftware"="C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe" [02/09/2007 12:17 PM]
"DT GWY"="C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe" [10/09/2007 05:45 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"ErrorKiller"="C:\Program Files\ErrorKiller\ErrorKiller.exe" [10/23/2007 07:58 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/24/2007 11:07 PM]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [08/24/2007 10:53 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"spywarebot"="C:\Program Files\SpywareBot\SpywareBot.exe" [01/14/2008 01:56 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [12/19/2007 10:56:09 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 11/15/2007 10:10 AM 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2008-01-23 16:15:01 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU E6850 @ 3.00GHz
CPU 1: Intel® Core™2 Duo CPU E6850 @ 3.00GHz
Percentage of Memory in Use: 31%
Physical Memory (total/avail): 2047.04 MiB / 1401.97 MiB
Pagefile Memory (total/avail): 3939.96 MiB / 3415.97 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923.38 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 128 GiB total, 101.96 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - HDS722516VLSA80 - 153.38 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 128 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton AntiVirus v15.0.0.58 (Symantec Corporation)
AV: Norton AntiVirus v15.0.0.58 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Documents and Settings\\Hobbit\\My Documents\\wowclient-downloader.exe"="C:\\Documents and Settings\\Hobbit\\My Documents\\wowclient-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIIc\\Win32\\RpcDataSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIIc\\Win32\\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIIc\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIIc\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Hobbit\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BEN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Hobbit
LOGONSERVER=\\BEN
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$P$G
SAN_DIR=C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Hobbit\LOCALS~1\Temp
TMP=C:\DOCUME~1\Hobbit\LOCALS~1\Temp
USERDOMAIN=BEN
USERNAME=Hobbit
USERPROFILE=C:\Documents and Settings\Hobbit
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Hobbit (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
AI Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{310BC5E2-31AF-49BB-904D-E71EB93645DC}\Setup.exe" -l0x9
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
CDDRV_Installer --> MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Combined Community Codec Pack 2007-07-22 --> "C:\Program Files\Combined Community Codec Pack\unins000.exe"
Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
ErrorKiller --> MsiExec.exe /X{D531DE33-38C8-40F7-BA75-3F20AB3B951C}
EzTune --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4955758-B754-471D-9091-7CE2C3D9E9AA}\setup.exe" -l0x9 -removeonly
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
KhalInstallWrapper --> MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Logitech G15 Keyboard Software 1.04 --> MsiExec.exe /X{3E354FBA-C7CE-402A-BB0D-225230BB1918}
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Norton AntiVirus --> MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton AntiVirus (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}_15_0_0_58\Setup.exe" /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton Protection Center --> MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PC Probe II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x9
Pivot Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}\setup.exe" -l0x9 -removeonly
SDK --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}\setup.exe" -l0x9
SiSoftware Sandra Lite XIIc --> "C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\unins000.exe"
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x9 -removeonly
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SpywareBot --> MsiExec.exe /X{5392BEBD-84D0-4AC8-B9F1-BFE56D67B896}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Thermal Analysis Tool --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B2C675E-8040-431B-99C4-137DF4FBF75A}\setup.exe" -l0x9 -removeonly
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Wow Web Stats Client --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://wowwebstats.c.../wwsc/wws.jnlp"
WowAceUpdater --> rundll32.exe dfshim.dll,ShArpMaintain WowAceUpdater.application, Culture=neutral, PublicKeyToken=4d89fb8d52541cc9, processorArchitecture=msil
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type1265 / Error
Event Submitted/Written: 01/21/2008 10:08:55 PM
Event ID/Source: 2001 / Microsoft Office 10
Event Description:
Rejected Safe Mode action : Microsoft Outlook.

Event Record #/Type1102 / Error
Event Submitted/Written: 01/16/2008 01:43:29 AM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType mptelemetry, P1 80072ee2, P2 endsearch, P3 search, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Event Record #/Type967 / Error
Event Submitted/Written: 01/08/2008 10:07:43 PM
Event ID/Source: 2001 / Microsoft Office 10
Event Description:
Rejected Safe Mode action : Microsoft Word.

Event Record #/Type948 / Error
Event Submitted/Written: 01/06/2008 02:34:35 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ventrilo.exe, version 3.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x4b435553.
Processing media-specific event for [ventrilo.exe!ws!]

Event Record #/Type935 / Error
Event Submitted/Written: 01/01/2008 11:02:20 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application wpctrl.exe, version 8.0.0.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x0000265c.
Processing media-specific event for [wpctrl.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type5186 / Warning
Event Submitted/Written: 01/23/2008 04:14:38 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%BEN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %BEN27 can't undo changes that you allow.

For more information please see the following:
%BEN275

Scan ID: {587ADFEF-DF6D-4769-B7EF-8E465BD9BFA1}

User: BEN\Hobbit

Name: %BEN271

ID: %BEN272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %BEN276

Alert Type: %BEN278

Detection Type: 1.1.1593.02

Event Record #/Type5185 / Warning
Event Submitted/Written: 01/23/2008 04:14:38 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%BEN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %BEN27 can't undo changes that you allow.

For more information please see the following:
%BEN275

Scan ID: {F2A058F4-1157-455A-B007-4917C94F2B73}

User: BEN\Hobbit

Name: %BEN271

ID: %BEN272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %BEN276

Alert Type: %BEN278

Detection Type: 1.1.1593.02

Event Record #/Type5184 / Warning
Event Submitted/Written: 01/23/2008 04:14:38 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%BEN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %BEN27 can't undo changes that you allow.

For more information please see the following:
%BEN275

Scan ID: {BE5E8F05-3B88-4926-A722-5CE8D0277E1F}

User: BEN\Hobbit

Name: %BEN271

ID: %BEN272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %BEN276

Alert Type: %BEN278

Detection Type: 1.1.1593.02

Event Record #/Type5183 / Warning
Event Submitted/Written: 01/23/2008 04:14:35 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%BEN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %BEN27 can't undo changes that you allow.

For more information please see the following:
%BEN275

Scan ID: {36367824-3C75-494A-88BD-BA09555C0CB0}

User: BEN\Hobbit

Name: %BEN271

ID: %BEN272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %BEN276

Alert Type: %BEN278

Detection Type: 1.1.1593.02

Event Record #/Type5182 / Warning
Event Submitted/Written: 01/23/2008 04:14:35 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%BEN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %BEN27 can't undo changes that you allow.

For more information please see the following:
%BEN275

Scan ID: {4D8392E6-2220-4811-AD0B-F1D03FE41223}

User: BEN\Hobbit

Name: %BEN271

ID: %BEN272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %BEN276

Alert Type: %BEN278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-01-23 16:15:01 ------------
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I can see nothing at all there that is suspect, what files are being reported as infected ?

If they are as I suspect cookies, then you will allways get them and in themselves the vast majority are harmless

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP