will someone look over my log [RESOLVED]


#1 zack4290 (Member, 10 posts)
So here is my log. If someone will look it over and tell me what they think, that would be nice.
Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:45 PM, on 2/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {5E042651-BD9D-EB61-ECE9-C76E8B9DC8B8} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {3506626b-6f26-a53b-0f74-bc2afcc2364a} - {a4632ccf-a2cb-47f0-b35a-62f6b6266053} - (no file)
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O2 - BHO: (no name) - {E60578D0-14EF-4891-8B70-FFD46123F38E} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 4902 bytes


#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there. All I can see thus far is two suspect BHOs, so I will remove them and do a deep search... Why do you think you have a virus?

When you run HijackThis and DSS, please right-click the icon and select Run as Administrator; otherwise they will not work properly.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {5E042651-BD9D-EB61-ECE9-C76E8B9DC8B8} - (no file)
O2 - BHO: (no name) - {E60578D0-14EF-4891-8B70-FFD46123F38E} - (no file)


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

THEN

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, DSS will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3 zack4290 (Topic Starter, Member, 10 posts)
OK, so here is my main log. I tried to run as admin, but it asked for a password, and I'm the admin of the machine, so I ran it with my user name. Thanks for getting back to me.

Deckard's System Scanner v20071014.68
Run by Z&R on 2008-02-14 20:21:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-02-15 03:21:40 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Z&R.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:23 PM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\Dependent\HSChkProxyExe.exe
C:\Documents and Settings\Z&R\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Z&R.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 4725 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080214-101335-596 O2 - BHO: (no name) - {E60578D0-14EF-4891-8B70-FFD46123F38E} - (no file)
backup-20080214-101335-816 O2 - BHO: {3506626b-6f26-a53b-0f74-bc2afcc2364a} - {a4632ccf-a2cb-47f0-b35a-62f6b6266053} - (no file)
backup-20080214-101335-899 O2 - BHO: (no name) - {5E042651-BD9D-EB61-ECE9-C76E8B9DC8B8} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.6) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1>
R3 dvd43llh - c:\windows\system32\drivers\dvd43llh.sys <Not Verified; RIF; DVD For Free>
R3 ialm - c:\windows\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT®>
R3 mohfilt - c:\windows\system32\drivers\mohfilt.sys <Not Verified; Intel Corporation; Intel® 537EP V9x DFV PCI Modem>
R3 neokdss - c:\windows\system32\drivers\neokdss.sys (file missing)
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 PRISM_A02 (Belkin 54Mbps Wireless USB Network Adapter) - c:\windows\system32\drivers\prismaxp.sys <Not Verified; GlobespanVirata, Inc.; PRISM 802.11 Wireless LAN>

S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys (file missing)
S3 Ad-Watch Real-Time Scanner (AW Real-Time Scanner) - c:\windows\system32\drivers\awrtpd.sys (file missing)
S3 Ad-Watch Registry Filter (Ad-Watch Registry Kernel Filter) - c:\windows\system32\drivers\awrtrd.sys (file missing)
S3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 pgfilter - c:\program files\peerguardian2\pgfilter.sys
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 Belkin 54Mbps Wireless USB (Belkin 54Mbps Wireless USB Network Service) - c:\program files\belkin usb wireless monitor\wlservice.exe
S4 Creative Labs Licensing Service - "c:\program files\common files\creative labs shared\service\creativelicensing.exe" <Not Verified; Creative Labs; Creative Labs Licensing Service>
S4 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-01-14 and 2008-02-14 -----------------------------

2008-02-14 20:10:12 0 d-------- C:\Program Files\MSXML 6.0
2008-02-14 10:05:48 0 d-------- C:\8c7e8ee0102d4b6f4ea227383b
2008-02-14 09:36:49 0 d-------- C:\WINDOWS\l2schemas
2008-02-13 22:25:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-13 22:25:38 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-13 21:16:33 192512 --a------ C:\WINDOWS\system32\kdfvmgr.exe <Not Verified; ??????; ?????? KdfVMgr>
2008-02-13 21:16:33 53248 --a------ C:\WINDOWS\system32\Kdfhok.dll <Not Verified; Kings Information & Network; Kings kdfhok>
2008-02-13 21:16:33 77824 --a------ C:\WINDOWS\system32\kdfapi.dll <Not Verified; Kings Information & Network; lab kdfapi>
2008-02-13 21:16:32 849920 --a------ C:\WINDOWS\system32\kdfinj.dll <Not Verified; Bluegem Security; LocalSSL kdfinj Library>
2008-02-13 21:16:32 0 d-------- C:\WINDOWS\kdefense
2008-02-13 21:04:15 0 d-------- C:\WINDOWS\LocalSSL
2008-02-13 20:07:44 0 d-------- C:\Program Files\EsetOnlineScanner
2008-02-13 09:44:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-02-12 21:43:36 0 d-------- C:\WINDOWS\vbSkinner
2008-02-12 21:43:25 0 d-------- C:\Program Files\PFConfig
2008-02-12 17:48:49 0 d-------- C:\Program Files\SpeedFan
2008-02-12 16:38:53 0 d-------- C:\Program Files\uTorrent
2008-02-12 16:33:50 0 dr-h----- C:\Documents and Settings\Z&R\Recent
2008-02-12 16:32:32 0 d-------- C:\Program Files\MSXML 4.0
2008-02-12 15:10:10 0 d-------- C:\Documents and Settings\Z&R\Application Data\uTorrent
2008-02-12 15:06:50 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-12 13:33:56 147456 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-02-12 13:33:56 651264 --a------ C:\WINDOWS\system32\libeay32.dll
2008-02-12 13:33:56 94208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-02-12 13:33:56 15872 --a------ C:\WINDOWS\system32\GTNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-02-12 13:33:56 15781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1>
2008-02-12 13:33:56 507904 --a------ C:\WINDOWS\system32\AegisE5.dll <Not Verified; Meetinghouse Data Communications; AEGIS Client API>
2008-02-12 13:33:55 0 d-------- C:\Program Files\BELKIN USB Wireless Monitor
2008-02-12 13:01:47 0 d---s---- C:\Documents and Settings\Z&R\UserData
2008-02-12 09:35:49 0 d--hs---- C:\WINDOWS\CSC
2008-02-12 08:27:36 1835008 --a------ C:\Documents and Settings\Z&R\ntuser.dat
2008-02-11 16:43:56 0 d-------- C:\Documents and Settings\Z&R\Application Data\vlc
2008-02-11 16:21:08 0 d-------- C:\Documents and Settings\Z&R\LimeWire Store Purchased
2008-02-11 16:21:08 0 d-------- C:\Documents and Settings\Z&R\LimeWire Shared
2008-02-11 16:21:08 0 d-------- C:\Documents and Settings\Z&R\LimeWire Saved
2008-02-11 16:20:51 0 d-------- C:\Documents and Settings\Z&R\Incomplete <INCOMP~1>
2008-02-11 16:20:43 0 d-------- C:\Documents and Settings\Z&R\Application Data\LimeWire
2008-02-11 16:03:36 0 d--hs---- C:\Diskeeper
2008-02-11 15:18:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2008-02-11 15:18:50 0 d-------- C:\Program Files\Diskeeper Corporation
2008-02-11 15:14:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-11 15:13:15 0 d-------- C:\Program Files\Alwil Software
2008-02-11 15:00:43 1624 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-11 15:00:25 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-02-11 15:00:25 85504 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-02-11 15:00:25 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-02-11 15:00:25 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-02-11 15:00:25 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-02-11 14:54:24 0 d-------- C:\Documents and Settings\Z&R\Application Data\DivX
2008-02-11 14:39:49 0 d-------- C:\Documents and Settings\Z&R\Application Data\HouseCall 6.6
2008-02-11 14:34:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-11 14:26:45 0 d-------- C:\Documents and Settings\Z&R\Application Data\Nero
2008-02-11 14:23:15 0 d-------- C:\Program Files\Nero
2008-02-11 14:23:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-02-11 14:23:14 0 d-------- C:\Program Files\Common Files\Nero
2008-02-11 14:15:23 0 d-------- C:\Program Files\danny_kay1710
2008-02-11 14:12:14 0 d-------- C:\Program Files\Yahoo!
2008-02-11 14:12:08 0 d-------- C:\Program Files\CCleaner
2008-02-11 14:02:16 0 d-------- C:\Program Files\Trend Micro
2008-02-11 14:02:11 0 d-------- C:\Documents and Settings\Z&R\Application Data\InstallShield
2008-02-11 13:47:42 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-02-11 13:47:42 47360 --a------ C:\Documents and Settings\Z&R\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-02-11 13:47:40 0 d-------- C:\Documents and Settings\Z&R\Application Data\Vso
2008-02-11 13:47:31 0 d-------- C:\Program Files\DVDFab Platinum 4
2008-02-11 13:44:45 0 d-------- C:\Program Files\DivX
2008-02-11 13:39:13 0 d-------- C:\Program Files\AviSynth 2.5
2008-02-11 13:37:55 0 d-------- C:\Documents and Settings\Z&R\Application Data\Macromedia
2008-02-11 13:37:55 0 d-------- C:\Documents and Settings\Z&R\Application Data\Adobe
2008-02-11 13:37:51 1158 --a------ C:\WINDOWS\mozver.dat
2008-02-11 13:29:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-02-11 13:29:12 0 d-------- C:\Documents and Settings\Z&R\Application Data\Azureus
2008-02-11 13:19:08 0 d-------- C:\WINDOWS\Sun
2008-02-11 13:15:04 0 d-------- C:\Program Files\VideoLAN
2008-02-11 13:10:37 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-02-11 13:10:36 0 d-------- C:\Program Files\DVD Shrink
2008-02-11 13:07:40 0 d-------- C:\Program Files\Azureus
2008-02-11 13:00:32 0 d-------- C:\Documents and Settings\Z&R\Application Data\Talkback
2008-02-11 13:00:13 0 d-------- C:\Documents and Settings\Z&R\Application Data\Mozilla
2008-02-11 12:58:29 292640 --ahs---- C:\WINDOWS\system32\rttss.ini2
2008-02-11 12:54:56 0 d-------- C:\Program Files\LimeWire
2008-02-11 12:54:29 0 d-------- C:\WINDOWS\system32\updater
2008-02-11 12:51:40 0 d-------- C:\Program Files\PeerGuardian2
2008-02-11 12:49:57 0 d-------- C:\WINDOWS\system32\PreInstall
2008-02-11 12:47:35 0 d-------- C:\Program Files\WinAVI MP4 Converter
2008-02-11 12:47:32 0 d-------- C:\WINDOWS\system32\M?crosoft.NET
2008-02-11 12:47:19 0 d-------- C:\Documents and Settings\Z&R\Application Data\W?nSxS
2008-02-11 12:47:18 0 d-------- C:\Program Files\Outerinfo
2008-02-11 12:46:47 18816 --a------ C:\WINDOWS\system32\drivers\dvd43llh.sys <Not Verified; RIF; DVD For Free>
2008-02-11 12:46:46 0 d-------- C:\Program Files\dvd43
2008-02-11 12:46:14 0 d-------- C:\Program Files\DVD Decrypter
2008-02-11 12:45:21 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-02-11 11:44:21 336800 --a------ C:\WINDOWS\system32\drivers\PRISMAXP.SYS <Not Verified; GlobespanVirata, Inc.; PRISM 802.11 Wireless LAN>
2008-02-11 11:39:28 0 d-------- C:\WINDOWS\system32\appmgmt
2008-02-11 11:35:28 0 d-------- C:\WINDOWS\pss
2008-02-11 11:33:51 0 dr------- C:\Documents and Settings\Z&R\Favorites
2008-02-11 11:33:51 0 d-------- C:\Documents and Settings\Z&R\Desktop
2008-02-11 11:33:51 0 d---s---- C:\Documents and Settings\Z&R\Cookies
2008-02-11 11:33:51 0 d--h----- C:\Documents and Settings\Z&R\Application Data
2008-02-11 11:33:51 0 d-------- C:\Documents and Settings\Z&R\Application Data\Sun
2008-02-11 11:33:51 0 d-------- C:\Documents and Settings\Z&R\Application Data\Identities
2008-02-11 11:33:51 0 d--h----- C:\Documents and Settings\Z&R\Application Data\Gtek
2008-02-11 11:33:50 0 d--h----- C:\Documents and Settings\Z&R\Templates
2008-02-11 11:33:50 0 dr------- C:\Documents and Settings\Z&R\Start Menu
2008-02-11 11:33:50 0 dr-h----- C:\Documents and Settings\Z&R\SendTo
2008-02-11 11:33:50 0 d--h----- C:\Documents and Settings\Z&R\PrintHood
2008-02-11 11:33:50 0 d--h----- C:\Documents and Settings\Z&R\NetHood
2008-02-11 11:33:50 0 dr------- C:\Documents and Settings\Z&R\My Documents
2008-02-11 11:33:50 0 d--h----- C:\Documents and Settings\Z&R\Local Settings
2008-02-11 11:33:34 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2008-02-11 11:33:28 0 d-------- C:\Documents and Settings\Default User\Application Data\Sun
2008-02-11 11:33:28 0 d-------- C:\Documents and Settings\Default User\Application Data\Identities
2008-02-11 09:39:26 253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-11 09:39:18 237568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-08 13:53:46 110592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>
2008-02-05 08:48:04 77824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe <Not Verified; ; OnlineScannerUninstaller>


-- Find3M Report ---------------------------------------------------------------

2008-02-12 15:06:50 0 d-------- C:\Program Files\Common Files
2008-02-11 15:26:59 0 d-------- C:\Documents and Settings\Z&R\Application Data\W?nSxS
2008-02-11 14:02:15 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-11 13:47:58 34 --a------ C:\Documents and Settings\Z&R\Application Data\pcouffin.log
2008-02-11 13:47:42 1144 --a------ C:\Documents and Settings\Z&R\Application Data\pcouffin.inf
2008-02-11 13:47:42 7887 --a------ C:\Documents and Settings\Z&R\Application Data\pcouffin.cat
2008-02-11 13:21:40 0 d-------- C:\Program Files\Java
2008-02-11 11:40:19 0 d-------- C:\Program Files\MUSICMATCH
2008-02-11 11:39:21 0 d-------- C:\Program Files\Common Files\Corel
2008-02-11 11:38:38 0 d-------- C:\Program Files\Common Files\AOL
2007-12-03 18:33:18 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-12-03 18:33:18 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-03 18:33:18 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-03 18:33:16 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-11-29 15:30:28 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 15:28:24 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-11-29 15:28:24 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-11-28 14:52:32 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1656CCA-D2EA-4A32-94AE-AE0B180E6449}]
09/16/2007 07:21 AM 103760 --a------ C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [01/21/2008 12:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrendSecure Remote File Lock"="C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe" [09/17/2007 01:15 AM]


-- End of Deckard's System Scanner: finished at 2008-02-14 20:23:01 ------------

And here is my extra:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 1014.07 MiB / 567.57 MiB
Pagefile Memory (total/avail): 2441.3 MiB / 2117.7 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1938.15 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 144.34 GiB total, 128.67 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1600JS-75NCB1 - 149.01 GiB - 3 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 144.34 GiB - C:
\PARTITION2 - Unknown - 4.64 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
FirewallOverride is set.

FW: Trend Micro Personal Firewall v5.1 (Trend Micro Inc.)
AV: Trend Micro Internet Security Pro v16.05.1022 ()

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Disabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Disabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Disabled:AOL"
"C:\\Program Files\\Azureus\\jre\\bin\\javaw.exe"="C:\\Program Files\\Azureus\\jre\\bin\\javaw.exe:LocalSubNet:Enabled:javaw"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:72.20.34.145/255.255.255.255:Enabled:µTorrent"
"C:\\Documents and Settings\\Z&R\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\Z&R\\Desktop\\utorrent.exe:*:Enabled:µTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Z&R\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ZACKANDRAYNE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Z&R
LOGONSERVER=\\ZACKANDRAYNE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\PROGRA~1\DISKEE~1\DISKEE~1\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Z&R\LOCALS~1\Temp
TMP=C:\DOCUME~1\Z&R\LOCALS~1\Temp
USERDOMAIN=ZACKANDRAYNE
USERNAME=Z&R
USERPROFILE=C:\Documents and Settings\Z&R
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Z&R (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------



-- Application Event Log -------------------------------------------------------

Event Record #/Type354 / Error
Event Submitted/Written: 02/14/2008 09:13:48 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application mmc.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type353 / Error
Event Submitted/Written: 02/14/2008 09:12:46 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application mmc.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type322 / Error
Event Submitted/Written: 02/12/2008 06:25:47 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.20121, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type311 / Error
Event Submitted/Written: 02/12/2008 04:31:35 PM
Event ID/Source: 11920 / MsiInstaller
Event Description:
Product: Ad-Aware 2007 -- Error 1920. Service 'Ad-Aware 2007 Service' (aawservice) failed to start. Verify that you have sufficient privileges to start system services.

Event Record #/Type310 / Error
Event Submitted/Written: 02/12/2008 04:31:05 PM
Event ID/Source: 11920 / MsiInstaller
Event Description:
Product: Ad-Aware 2007 -- Error 1920. Service 'Ad-Aware 2007 Service' (aawservice) failed to start. Verify that you have sufficient privileges to start system services.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1454 / Warning
Event Submitted/Written: 02/12/2008 01:25:23 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0030BDAEBFCC. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type1424 / Warning
Event Submitted/Written: 02/12/2008 01:14:39 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0030BDAEBFCC. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type1342 / Warning
Event Submitted/Written: 02/12/2008 00:57:10 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0030BDAEBFCC. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type1336 / Warning
Event Submitted/Written: 02/12/2008 00:52:14 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type1331 / Warning
Event Submitted/Written: 02/12/2008 00:40:15 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0030BDAEBFCC. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-02-14 20:23:01 ------------
  • 0

#4
zack4290

zack4290

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
My bad, I got it to run with my admin account. Here it is, but it didn't give an extra log.

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-02-14 20:39:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:53 PM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Z&R\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe"
O4 - HKUS\S-1-5-21-419463822-2287653063-788256360-1005\..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe (User 'Z&R')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 5080 bytes

-- Files created between 2008-01-14 and 2008-02-14 -----------------------------

2008-02-14 20:37:41 1063407616 --ahs---- \hiberfil.sys
2008-02-14 20:34:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-02-14 20:34:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-02-14 20:34:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-02-14 20:34:13 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-02-14 20:21:22 0 d-------- \Deckard
2008-02-14 20:10:12 0 d-------- C:\Program Files\MSXML 6.0
2008-02-14 10:05:48 0 d-------- \8c7e8ee0102d4b6f4ea227383b
2008-02-14 09:36:49 0 d-------- C:\WINDOWS\l2schemas
2008-02-13 22:25:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-13 22:25:38 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-13 21:16:33 192512 --a------ C:\WINDOWS\system32\kdfvmgr.exe <Not Verified; ??????; ?????? KdfVMgr>
2008-02-13 21:16:33 53248 --a------ C:\WINDOWS\system32\Kdfhok.dll <Not Verified; Kings Information & Network; Kings kdfhok>
2008-02-13 21:16:33 77824 --a------ C:\WINDOWS\system32\kdfapi.dll <Not Verified; Kings Information & Network; lab kdfapi>
2008-02-13 21:16:32 849920 --a------ C:\WINDOWS\system32\kdfinj.dll <Not Verified; Bluegem Security; LocalSSL kdfinj Library>
2008-02-13 21:16:32 0 d-------- C:\WINDOWS\kdefense
2008-02-13 21:04:15 0 d-------- C:\WINDOWS\LocalSSL
2008-02-13 20:07:44 0 d-------- C:\Program Files\EsetOnlineScanner
2008-02-13 09:44:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-02-12 21:43:36 0 d-------- C:\WINDOWS\vbSkinner
2008-02-12 21:43:25 0 d-------- C:\Program Files\PFConfig
2008-02-12 17:48:49 0 d-------- C:\Program Files\SpeedFan
2008-02-12 16:38:53 0 d-------- C:\Program Files\uTorrent
2008-02-12 16:33:50 0 dr-h----- C:\Documents and Settings\Z&R\Recent
2008-02-12 16:32:32 0 d-------- C:\Program Files\MSXML 4.0
2008-02-12 16:26:16 0 d-------- \Config.Msi
2008-02-12 15:10:10 0 d-------- C:\Documents and Settings\Z&R\Application Data\uTorrent
2008-02-12 15:06:50 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-12 13:33:56 147456 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-02-12 13:33:56 651264 --a------ C:\WINDOWS\system32\libeay32.dll
2008-02-12 13:33:56 94208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-02-12 13:33:56 15872 --a------ C:\WINDOWS\system32\GTNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-02-12 13:33:56 15781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1>
2008-02-12 13:33:56 507904 --a------ C:\WINDOWS\system32\AegisE5.dll <Not Verified; Meetinghouse Data Communications; AEGIS Client API>
2008-02-12 13:33:55 0 d-------- C:\Program Files\BELKIN USB Wireless Monitor
2008-02-12 13:01:47 0 d---s---- C:\Documents and Settings\Z&R\UserData
2008-02-12 09:35:49 0 d--hs---- C:\WINDOWS\CSC
2008-02-12 08:27:36 1835008 --a------ C:\Documents and Settings\Z&R\ntuser.dat
2008-02-11 16:43:56 0 d-------- C:\Documents and Settings\Z&R\Application Data\vlc
2008-02-11 16:21:08 0 d-------- C:\Documents and Settings\Z&R\LimeWire Store Purchased
2008-02-11 16:21:08 0 d-------- C:\Documents and Settings\Z&R\LimeWire Shared
2008-02-11 16:21:08 0 d-------- C:\Documents and Settings\Z&R\LimeWire Saved
2008-02-11 16:20:51 0 d-------- C:\Documents and Settings\Z&R\Incomplete <INCOMP~1>
2008-02-11 16:20:43 0 d-------- C:\Documents and Settings\Z&R\Application Data\LimeWire
2008-02-11 16:03:36 0 d--hs---- \Diskeeper
2008-02-11 15:18:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2008-02-11 15:18:50 0 d-------- C:\Program Files\Diskeeper Corporation
2008-02-11 15:14:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-11 15:13:15 0 d-------- C:\Program Files\Alwil Software
2008-02-11 15:00:43 1624 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-11 15:00:25 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-02-11 15:00:25 85504 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-02-11 15:00:25 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-02-11 15:00:25 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-02-11 15:00:25 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-02-11 14:54:24 0 d-------- C:\Documents and Settings\Z&R\Application Data\DivX
2008-02-11 14:39:49 0 d-------- C:\Documents and Settings\Z&R\Application Data\HouseCall 6.6
2008-02-11 14:34:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-11 14:26:45 0 d-------- C:\Documents and Settings\Z&R\Application Data\Nero
2008-02-11 14:23:15 0 d-------- C:\Program Files\Nero
2008-02-11 14:23:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-02-11 14:23:14 0 d-------- C:\Program Files\Common Files\Nero
2008-02-11 14:15:23 0 d-------- C:\Program Files\danny_kay1710
2008-02-11 14:12:14 0 d-------- C:\Program Files\Yahoo!
2008-02-11 14:12:08 0 d-------- C:\Program Files\CCleaner
2008-02-11 14:02:16 0 d-------- C:\Program Files\Trend Micro
2008-02-11 14:02:11 0 d-------- C:\Documents and Settings\Z&R\Application Data\InstallShield
2008-02-11 13:47:42 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-02-11 13:47:42 47360 --a------ C:\Documents and Settings\Z&R\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-02-11 13:47:40 0 d-------- C:\Documents and Settings\Z&R\Application Data\Vso
2008-02-11 13:47:31 0 d-------- C:\Program Files\DVDFab Platinum 4
2008-02-11 13:44:45 0 d-------- C:\Program Files\DivX
2008-02-11 13:39:13 0 d-------- C:\Program Files\AviSynth 2.5
2008-02-11 13:37:55 0 d-------- C:\Documents and Settings\Z&R\Application Data\Macromedia
2008-02-11 13:37:55 0 d-------- C:\Documents and Settings\Z&R\Application Data\Adobe
2008-02-11 13:37:51 1158 --a------ C:\WINDOWS\mozver.dat
2008-02-11 13:29:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-02-11 13:29:12 0 d-------- C:\Documents and Settings\Z&R\Application Data\Azureus
2008-02-11 13:19:08 0 d-------- C:\WINDOWS\Sun
2008-02-11 13:15:04 0 d-------- C:\Program Files\VideoLAN
2008-02-11 13:10:37 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-02-11 13:10:36 0 d-------- C:\Program Files\DVD Shrink
2008-02-11 13:07:40 0 d-------- C:\Program Files\Azureus
2008-02-11 13:00:32 0 d-------- C:\Documents and Settings\Z&R\Application Data\Talkback
2008-02-11 13:00:13 0 d-------- C:\Documents and Settings\Z&R\Application Data\Mozilla
2008-02-11 12:58:29 292640 --ahs---- C:\WINDOWS\system32\rttss.ini2
2008-02-11 12:54:56 0 d-------- C:\Program Files\LimeWire
2008-02-11 12:54:29 0 d-------- C:\WINDOWS\system32\updater
2008-02-11 12:51:40 0 d-------- C:\Program Files\PeerGuardian2
2008-02-11 12:49:57 0 d-------- C:\WINDOWS\system32\PreInstall
2008-02-11 12:47:35 0 d-------- C:\Program Files\WinAVI MP4 Converter
2008-02-11 12:47:32 0 d-------- C:\WINDOWS\system32\M?crosoft.NET
2008-02-11 12:47:19 0 d-------- C:\Documents and Settings\Z&R\Application Data\W?nSxS
2008-02-11 12:47:18 0 d-------- C:\Program Files\Outerinfo
2008-02-11 12:46:47 18816 --a------ C:\WINDOWS\system32\drivers\dvd43llh.sys <Not Verified; RIF; DVD For Free>
2008-02-11 12:46:46 0 d-------- C:\Program Files\dvd43
2008-02-11 12:46:14 0 d-------- C:\Program Files\DVD Decrypter
2008-02-11 12:45:21 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-02-11 11:44:21 336800 --a------ C:\WINDOWS\system32\drivers\PRISMAXP.SYS <Not Verified; GlobespanVirata, Inc.; PRISM 802.11 Wireless LAN>
2008-02-11 11:39:28 0 d-------- C:\WINDOWS\system32\appmgmt
2008-02-11 11:35:28 0 d-------- C:\WINDOWS\pss
2008-02-11 11:33:51 0 dr------- C:\Documents and Settings\Z&R\Favorites
2008-02-11 11:33:51 0 d-------- C:\Documents and Settings\Z&R\Desktop
2008-02-11 11:33:51 0 d---s---- C:\Documents and Settings\Z&R\Cookies
2008-02-11 11:33:51 0 d--h----- C:\Documents and Settings\Z&R\Application Data
2008-02-11 11:33:51 0 d-------- C:\Documents and Settings\Z&R\Application Data\Sun
2008-02-11 11:33:51 0 d---s---- C:\Documents and Settings\Z&R\Application Data\Microsoft
2008-02-11 11:33:51 0 d-------- C:\Documents and Settings\Z&R\Application Data\Identities
2008-02-11 11:33:51 0 d--h----- C:\Documents and Settings\Z&R\Application Data\Gtek
2008-02-11 11:33:50 0 d--h----- C:\Documents and Settings\Z&R\Templates
2008-02-11 11:33:50 0 dr------- C:\Documents and Settings\Z&R\Start Menu
2008-02-11 11:33:50 0 dr-h----- C:\Documents and Settings\Z&R\SendTo
2008-02-11 11:33:50 0 d--h----- C:\Documents and Settings\Z&R\PrintHood
2008-02-11 11:33:50 0 d--h----- C:\Documents and Settings\Z&R\NetHood
2008-02-11 11:33:50 0 dr------- C:\Documents and Settings\Z&R\My Documents
2008-02-11 11:33:50 0 d--h----- C:\Documents and Settings\Z&R\Local Settings
2008-02-11 11:33:34 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2008-02-11 11:33:28 0 d-------- C:\Documents and Settings\Default User\Application Data\Sun
2008-02-11 11:33:28 0 d-------- C:\Documents and Settings\Default User\Application Data\Identities
2008-02-11 09:39:26 253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-11 09:39:18 237568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-08 13:53:46 110592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>
2008-02-05 08:48:04 77824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe <Not Verified; ; OnlineScannerUninstaller>


-- Find3M Report ---------------------------------------------------------------

2008-02-14 20:37:40 1598029824 --ahs---- \pagefile.sys
2008-02-12 15:06:50 0 d-------- C:\Program Files\Common Files
2008-02-11 14:02:15 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-11 13:21:40 0 d-------- C:\Program Files\Java
2008-02-11 11:40:19 0 d-------- C:\Program Files\MUSICMATCH
2008-02-11 11:39:21 0 d-------- C:\Program Files\Common Files\Corel
2008-02-11 11:38:38 0 d-------- C:\Program Files\Common Files\AOL
2007-12-03 18:33:18 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-12-03 18:33:18 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-03 18:33:18 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-03 18:33:16 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-11-29 15:30:28 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 15:28:24 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-11-29 15:28:24 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-11-28 14:52:32 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1656CCA-D2EA-4A32-94AE-AE0B180E6449}]
09/16/2007 07:21 AM 103760 --a------ C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [01/21/2008 12:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [12/22/2004 04:40 PM C:\WINDOWS\MIDIDEF.EXE]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [12/02/2004 05:23 PM]
"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" [11/30/2004 10:00 AM]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [05/15/2005 01:04 AM]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"NeroHomeFirstStart"="C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe"


-- End of Deckard's System Scanner: finished at 2008-02-14 20:40:34 ------------
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK methinks I see your problem

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    C:\WINDOWS\system32\M?crosoft.NET
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

THEN

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Logs required : OTMoveit and Combofix
  • 0
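Why that one folder stood out, as an added example that is not part of the thread: "?" is not a legal character in a Windows file name, so DSS printing `M?crosoft.NET` means the folder name contains a character the tool could not render, sitting exactly where a look-alike of Microsoft.NET would be placed. The script below is constructed here (the confusable table and the `SYSTEM_NAMES` list are assumptions); it parses DSS-style file-list lines, including the two entries from the log above and a Cyrillic-i spelling of the same folder, and reports why each is suspicious.

```python
# Added example (not from the thread): flag file-list entries whose names use
# look-alike (homoglyph) characters, as with the M?crosoft.NET folder above.
import re
import unicodedata

# Cyrillic/Greek letters that render like Latin letters. Partial table
# (assumption); enough for the Cyrillic "i" (U+0456) case.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j", "\u04bb": "h",
    "\u0455": "s", "\u0410": "A", "\u0415": "E", "\u041e": "O", "\u0420": "P",
    "\u0421": "C", "\u0425": "X", "\u0406": "I", "\u0408": "J", "\u03bf": "o",
    "\u0391": "A", "\u0392": "B", "\u0395": "E", "\u0397": "H", "\u0399": "I",
    "\u039a": "K", "\u039c": "M", "\u039d": "N", "\u039f": "O", "\u03a1": "P",
    "\u03a4": "T", "\u03a5": "Y", "\u03a7": "X",
}

# Names an adware dropper would want its folder to resemble (constructed list).
SYSTEM_NAMES = {"microsoft.net", "winsxs", "microsoft", "windows", "system32"}

# DSS "Files created" lines: date time size attrs path [<verification info>]
DSS_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S+)\s+(.+?)(?:\s+<.*>)?$"
)

def skeleton(name):
    """Fold a name to its ASCII look-alike: NFKC first, then the confusable table."""
    folded = unicodedata.normalize("NFKC", name)
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded)

def analyse_name(name):
    """Return the reasons a basename looks suspicious (empty list if none)."""
    reasons = []
    if "?" in name:
        # '?' cannot occur in a Windows file name, so the scanner printed a
        # character it could not render in the console code page.
        reasons.append("unrenderable character printed as '?'")
        pattern = re.escape(name.lower()).replace(r"\?", ".")
        hits = [s for s in SYSTEM_NAMES if re.fullmatch(pattern, s)]
        if hits:
            reasons.append("one character away from '%s'" % hits[0])
    non_ascii = [ch for ch in name if ord(ch) > 0x7F]
    if non_ascii:
        reasons.append("non-ASCII characters: " + ", ".join(
            "U+%04X %s" % (ord(ch), unicodedata.name(ch, "?")) for ch in non_ascii))
    ascii_form = skeleton(name)
    if ascii_form.lower() in SYSTEM_NAMES and ascii_form != name:
        reasons.append("looks like '%s'" % ascii_form)
    return reasons

def scan_dss_lines(lines):
    """Return [(path, reasons)] for suspicious entries in DSS file-list output."""
    findings = []
    for line in lines:
        m = DSS_LINE.match(line.strip())
        if not m:
            continue
        path = m.group(4)
        base = path.rsplit("\\", 1)[-1]
        reasons = analyse_name(base)
        if reasons:
            findings.append((path, reasons))
    return findings

# Constructed sample: two lines as DSS printed them (with '?'), the same folder
# spelled with a Cyrillic "i" as OTMoveIt later showed it, and a benign line.
SAMPLE = [
    "2008-02-11 12:47:32 0 d-------- C:\\WINDOWS\\system32\\M?crosoft.NET",
    "2008-02-11 12:47:19 0 d-------- C:\\Documents and Settings\\Z&R\\Application Data\\W?nSxS",
    "2008-02-11 12:47:32 0 d-------- C:\\WINDOWS\\system32\\M\u0456crosoft.NET",
    "2008-02-11 12:47:35 0 d-------- C:\\Program Files\\WinAVI MP4 Converter",
]

if __name__ == "__main__":
    for path, reasons in scan_dss_lines(SAMPLE):
        print(path)
        for reason in reasons:
            print("   ", reason)
```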

#6
zack4290

zack4290

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I ran the programs but I can't find where the combofix log is. I did a search for it and didn't find it.
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It will be at C:\combofix.txt
  • 0

#8
zack4290

zack4290

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
OK thanks, I'll get that posted tonight.
  • 0

#9
zack4290

zack4290

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
So here are the logs, thanks.

moveit log:
[Custom Input]
< C:\WINDOWS\system32\M?crosoft.NET >
C:\WINDOWS\system32\Mіcrosoft.NET moved successfully.

OTMoveIt2 v1.0.20 log created on 02152008_091640

combofix log:
ComboFix 08-02-15.2 - Z&R 2008-02-15 9:22:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.541 [GMT -7:00]
Running from: C:\Documents and Settings\Z&R\Desktop\ComboFix(2).exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!


hijack log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:38 PM, on 2/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix(2)\Combobatch.bat
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe"
O4 - HKUS\S-1-5-21-419463822-2287653063-788256360-1005\..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe (User 'Z&R')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 5070 bytes
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that log was weird, let's look another way.

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35u.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Under Additional Scans check the following:
    • Reg - BotCheck
    • File - Purity Scan
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#11
zack4290

zack4290

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
OK here is the attachment, thanks again man.

Attached Files


  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that looked clean, one final scan should do it

Download and then run SuperAntispyware
  • On the first page select Check for Updates
  • On completion select SCAN YOUR COMPUTER
  • On the next page select COMPLETE SCAN and tick ALL your drives
  • The next stage will take a while as your entire drive(s), memory and registry are scanned
  • When it has completed click NEXT
  • The next screen shows the problems found click OK
  • On the next screen place a tick against all items and select NEXT
  • Now, to get the log, go to the PREFERENCES button at the bottom right
  • Select the STATISTICS/LOG tab
  • Highlight the scan just completed and click VIEW LOG
  • This will open a notepad text file; copy and paste this into your next reply

If you could let me know how your system is running now and post the SAS log
  • 0

#13
zack4290

zack4290

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
So that ran and I rebooted, and here is my log. Also, on reboot I got an error "lsdelete program not found - skipping autocheck", not too sure what this is. And for some reason, when I click on my DVD drives, MS Word Perfect 12 tries to install and it won't complete, it says to insert disc? It's strange. Thanks for all your help man.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/16/2008 at 07:37 PM

Application Version : 3.9.1008

Core Rules Database Version : 3404
Trace Rules Database Version: 1396

Scan type : Complete Scan
Total Scan Time : 00:28:26

Memory items scanned : 330
Memory threats detected : 0
Registry items scanned : 6024
Registry threats detected : 0
File items scanned : 27154
File threats detected : 1

Adware.ClickSpring/Resident
C:\_OTMoveIt\MovedFiles\02152008_091640\WINDOWS\system32\MCROSO~1.NET\DDPLAY~1.EXE
  • 0

#14
zack4290

zack4290

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
OK so I found a fix for the lsdelete error, it was from Lavasoft Ad-Aware, so I deleted it in the registry and it fixed it. But the Word Perfect 12 install coming up when I click on the DVD drive properties is crazy. Do you recommend running Trend Micro Pro 08 and SUPERAntiSpyware at the same time?
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let's see if we can kill the right-click nightmare

Download the MSI clean up utility from here http://download.micr...1bd/msicuu2.exe

Install the programme then run

In the first thumbnail is the programme as first run

Posted Image

Then select the programme that is annoying you and click Remove.
Posted Image

do you recommend running Trend Micro Pro 08 and SUPERAntiSpyware at the same time

They are complementary and can be run together.

Now the best part of the day ----- Your log now appears clean :)

Double click Winpfind35 once again and you should see a CleanUp! button; press that button. You may get prompted by your firewall that OTMoveIt wants to contact the internet; allow this. A cleanup.txt will be downloaded, and a message dialog will ask you if you want to proceed with the cleanup process; click Yes. This will delete all the tools you have downloaded, plus itself.



Now, to get you off to a good start, we will reset your restore points so that all the bad stuff is gone for good. Then, if you need to restore at some stage, you will be clean. There are several ways to reset your restore point, but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The system will do some calculation and then display a dialogue box with tabs
5. Select the More Options Tab.
6. At the bottom will be a System Restore box with a CLEANUP button; click this
7. Accept the warning and select OK again; the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
  • SpywareBlaster to help prevent spyware from installing in the first place.
It is critical to have both a firewall and antivirus to protect your system, and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?


Keep safe :)
  • 0
