Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Also what people seem to be calling trojandownloader.xs [CLOSED]

Started by thnikkaman , Mar 22 2008 06:46 PM

  • This topic is locked This topic is locked

#1
thnikkaman
Posted 22 March 2008 - 06:46 PM

thnikkaman

    New Member

  • Member
  • Pip
  • 6 posts
Like numerous others, i also have this virus, with the same symptoms of many others. I have a Dell *shudder* with windows XP home edition. Here is my hijincks this log report:
I
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:19 PM, on 3/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\sbwltbxa.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070105
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070105
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5786A8B2-7F71-4D98-8030-37CA3DFBE18E} - C:\Program Files\MSN\nipysafor555077.dll
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Bat\Bat.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: (no name) - {BA327C6F-CEB9-4B4C-83B7-03FA98EB25DF} - C:\Program Files\Messenger\kolap777444.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (file missing)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9852 bytes

This is my first time on this website btw; so don't hesitate to scold me/tell me that i am doing something completely wrong/etc.
Thanks in advance
  • 0

Advertisements

#2
sage5
Posted 22 March 2008 - 07:14 PM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi thnikkaman,

Welcome to Geeks to Go!
My name is sage5, and I will be helping you with this problem.

Please download the following & save to your Desktop:
Deckard's System Scanner
SDFix
OTMoveIt2 by OldTimer.
SmitfraudFix (by S!Ri)


Fix the Registry with a Reg file:
  • Please open a new Notepad file by clicking Start\All Programs\Accessories\Notepad
  • Copy the text from the following Code box, by highlighting all the text and right click, Select Copy. (or use the Ctrl+C keyboard shortcut)
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
  • Paste it into Notepad. Right click in the window and select Paste. (or use Ctrl+V)
  • Save the file to the Desktop, make sure Type is All Files, and name it UserinitFix.reg
  • Double click on the file created and click Yes when asked to merge the information into the Registry


Run SDFix:
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as C:\SDFix\Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


Shut down & Reboot normally:

Start the Smitfraud scan:
  • Double-click SmitfraudFix.exe
  • Select option #1 - Search by typing 1 and press "Enter". A text file will appear, which lists infected files (if present). It is saved as C:\rapport.txt
  • Please copy/paste the content of that file into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm


Run Deckard's System Scanner:
  • Close all other windows before proceeding.
  • Double click on the dss.exe file on your Desktop and follow the prompts.
  • Scans will run, and 2 text files will open in Notepad.
  • Close both of the text files.
These files are C:\Deckard\System Scanner\main.txt & extra.txt. I will need you to copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt, extra.txt, C:\rapport.txt & C:\SDFix\Report.txt in your next reply.



The text from these files may exceed the maximum post length for this forum, and may need to be sent over 2 or more posts. Please ensure all text is posted.

Cheers,

sage5

Edited by sage5, 22 March 2008 - 07:34 PM.

  • 0

#3
thnikkaman
Posted 31 March 2008 - 06:57 PM

thnikkaman

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
thank you very much, and sorry for not responding quickly (i was away from my computer on vacation)

here is the report.txt:

SDFix: Version 1.159

Run by Harrison Weigel on Mon 03/31/2008 at 08:32 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default Desktop Wallpaper

Rebooting


Checking Files :

Trojan Files Found:

C:\PROGRA~1\MESSEN~1\KOLAP7~1.DLL - Deleted
C:\WINDOWS\default.htm - Deleted
C:\WINDOWS\tk58.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 20:39:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile"=str(2):"c:\windows\system32\ESENT.dll"
"CategoryMessageFile"=str(2):"c:\windows\system32\ESENT.dll"

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS]
"StateIndex"=dword:00000001

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"="C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"

Remaining Files :

C:\WINDOWS\default.htm Found

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 1 Sep 2004 54,384 A..H. --- "C:\Program Files\America Online 9.0\aolphx.exe"
Wed 1 Sep 2004 156,784 A..H. --- "C:\Program Files\America Online 9.0\aoltray.exe"
Wed 1 Sep 2004 31,344 A..H. --- "C:\Program Files\America Online 9.0\RBM.exe"
Sun 13 May 2007 88 ..SHR --- "C:\WINDOWS\system32\888E7BDA76.sys"
Sun 13 May 2007 2,516 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Fri 7 Oct 2005 1,847,296 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\LAUNCHER.EXE"
Fri 7 Oct 2005 62,464 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\MNYINSTA.DLL"
Fri 7 Oct 2005 95,232 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\RMVSUITE.EXE"
Fri 7 Oct 2005 36,864 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\SETUPLNG.DLL"
Fri 7 Oct 2005 20,480 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\UNREGWTR.EXE"
Tue 11 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT1D.tmp"
Tue 11 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT1B.tmp"
Tue 11 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT1F.tmp"
Tue 11 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5109d0f8b0dee9fab84906813\BIT1E.tmp"
Tue 18 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\BITF.tmp"
Tue 11 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT20.tmp"
Tue 11 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa6c916bb150f8a929e7a4ffdfbc120f\BIT1C.tmp"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\Harrison Weigel\Application Data\U3\temp\Launchpad Removal.exe"
Fri 5 Jan 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Fri 5 Jan 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Fri 5 Jan 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp"
Fri 5 Jan 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"
Fri 5 Jan 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch5\lock.tmp"
Fri 5 Jan 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch6\lock.tmp"

Finished!

Here is the rapport.txt:
SmitFraudFix v2.309

Scan done at 20:46:10.84, Mon 03/31/2008
Run from C:\Documents and Settings\Harrison Weigel\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\sbwltbxa.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\default.htm FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Harrison Weigel


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Harrison Weigel\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HARRIS~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\sbwltbxa.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Dell Wireless 1390 WLAN Mini-Card - Packet Scheduler Miniport
DNS Server Search Order: 68.237.161.12
DNS Server Search Order: 71.250.0.12

HKLM\SYSTEM\CCS\Services\Tcpip\..\{8149FC26-4AE5-4CB9-A032-3249D32C833F}: DhcpNameServer=68.237.161.12 71.250.0.12
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8149FC26-4AE5-4CB9-A032-3249D32C833F}: DhcpNameServer=68.237.161.12 71.250.0.12
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8149FC26-4AE5-4CB9-A032-3249D32C833F}: DhcpNameServer=68.237.161.12 71.250.0.12
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.237.161.12 71.250.0.12
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.237.161.12 71.250.0.12
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.237.161.12 71.250.0.12


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Here is the Main.txt:
Deckard's System Scanner v20071014.68
Run by Harrison Weigel on 2008-03-31 20:48:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Harrison Weigel.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:30 PM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\sbwltbxa.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Documents and Settings\Harrison Weigel\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Harrison Weigel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070105
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070105
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5786A8B2-7F71-4D98-8030-37CA3DFBE18E} - C:\Program Files\MSN\nipysafor555077.dll
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Bat\Bat.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: (no name) - {BA327C6F-CEB9-4B4C-83B7-03FA98EB25DF} - C:\Program Files\Messenger\kolap777444.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (file missing)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9956 bytes

-- Files created between 2008-02-29 and 2008-03-31 -----------------------------

2008-03-31 20:46:19 1596 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-31 20:45:55 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-31 20:45:55 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-03-31 20:45:55 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-31 20:45:55 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-03-31 20:45:55 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-03-31 20:45:55 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-31 20:45:54 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-03-22 21:25:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-03-22 20:28:37 0 d-------- C:\Program Files\Trend Micro
2008-03-22 20:27:14 136627 --a------ C:\WINDOWS\POTA777444.exe
2008-03-22 20:01:43 0 d-------- C:\WINDOWS\ERUNT
2008-03-22 19:29:33 0 d-------- C:\Program Files\180solutions
2008-03-22 19:29:33 0 d-------- C:\Program Files\180searchassistant
2008-03-22 19:29:33 0 d-------- C:\Program Files\180search assistant
2008-03-22 19:05:24 0 d-------- C:\Program Files\stc
2008-03-22 19:05:24 0 d-------- C:\Program Files\seekmo
2008-03-22 19:05:22 0 d-------- C:\Program Files\zango
2008-03-22 18:39:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-03-22 15:53:40 11520 --a------ C:\WINDOWS\voiceip.dll
2008-03-22 15:53:40 12288 --a------ C:\WINDOWS\swin32.dll
2008-03-22 15:53:40 19712 --a------ C:\WINDOWS\stcloader.exe
2008-03-22 15:53:39 17664 --a------ C:\WINDOWS\mssvr.exe
2008-03-22 15:53:39 20736 --a------ C:\WINDOWS\mspphe.dll
2008-03-22 15:53:39 10240 --a------ C:\WINDOWS\cdsm32.dll
2008-03-22 15:53:39 24320 --a------ C:\WINDOWS\bokja.exe
2008-03-22 15:53:38 20224 --a------ C:\WINDOWS\bjam.dll
2008-03-22 15:53:38 19456 --a------ C:\WINDOWS\2020search2.dll
2008-03-22 15:53:37 24576 --a------ C:\WINDOWS\2020search.dll
2008-03-22 15:53:34 28672 --a------ C:\WINDOWS\system32\WER8274.DLL
2008-03-22 15:53:34 25344 --a------ C:\WINDOWS\system32\MSIXU.DLL
2008-03-22 15:53:32 19200 --a------ C:\WINDOWS\180ax.exe
2008-03-22 15:53:31 11776 --a------ C:\WINDOWS\updatetc.exe
2008-03-22 15:53:31 21248 --a------ C:\WINDOWS\salm.exe
2008-03-22 15:53:30 0 d-------- C:\WINDOWS\FLEOK
2008-03-22 15:53:29 28672 --a------ C:\WINDOWS\saiemod.dll
2008-03-22 15:53:28 30208 --a------ C:\WINDOWS\system32\MSNSA32.dll
2008-03-22 15:53:26 17408 --a------ C:\WINDOWS\msapasrc.dll
2008-03-22 15:53:26 14336 --a------ C:\WINDOWS\msa64chk.dll
2008-03-22 15:53:25 12800 --a------ C:\WINDOWS\system32\SIPSPI32.dll
2008-03-22 15:53:25 28928 --a------ C:\WINDOWS\system32\shdocpe.dll
2008-03-22 15:53:24 22016 --a------ C:\WINDOWS\system32\ntnut32.exe
2008-03-22 15:53:24 23296 --a------ C:\WINDOWS\shdocpl.dll
2008-03-22 15:53:23 21504 --a------ C:\WINDOWS\shdocpe.dll
2008-03-22 15:53:23 24320 --a------ C:\WINDOWS\ntnut.exe
2008-03-22 15:53:22 29696 --a------ C:\WINDOWS\winsb.dll
2008-03-22 15:53:22 0 d-------- C:\Program Files\Sysmnt
2008-03-22 15:53:21 29184 --a------ C:\WINDOWS\browserad.dll
2008-03-22 15:53:20 26624 --a------ C:\WINDOWS\aviwrap32.dll
2008-03-22 15:53:20 11264 --a------ C:\WINDOWS\avisynthex32.dll
2008-03-22 15:53:19 8704 --a------ C:\WINDOWS\avifile32.dll
2008-03-22 15:53:19 20224 --a------ C:\WINDOWS\autodisc32.dll
2008-03-22 15:53:19 12544 --a------ C:\WINDOWS\audiosrv32.dll
2008-03-22 15:53:18 32512 --a------ C:\WINDOWS\ati2dvag32.dll
2008-03-22 15:53:18 27392 --a------ C:\WINDOWS\ati2dvaa32.dll
2008-03-22 15:53:17 11008 --a------ C:\WINDOWS\athprxy32.dll
2008-03-22 15:53:17 12032 --a------ C:\WINDOWS\asycfilt32.dll
2008-03-22 15:53:17 8960 --a------ C:\WINDOWS\asferror32.dll
2008-03-22 15:53:17 12288 --a------ C:\WINDOWS\apphelp32.dll
2008-03-22 15:53:16 29440 --a------ C:\WINDOWS\changeurl_30.dll
2008-03-22 15:51:24 5120 --a------ C:\Documents and Settings\LocalService\ftpdll.dll
2008-03-22 15:44:28 0 d-------- C:\WINDOWS\pss
2008-03-22 15:26:04 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-03-22 15:18:13 5120 --a------ C:\WINDOWS\system32\ftpdll.dll
2008-03-22 15:18:13 5120 --a------ C:\Documents and Settings\Harrison Weigel\ftpdll.dll
2008-03-22 15:17:03 90537 --a------ C:\WINDOWS\system32\sbwltbxa.exe <Not Verified; Microsoft; runbll>
2008-03-05 19:48:21 0 d-------- C:\Program Files\Project64 1.6


-- Find3M Report ---------------------------------------------------------------

2008-03-31 20:45:01 0 d-------- C:\Program Files\Steam
2008-03-31 20:37:31 0 d-------- C:\Program Files\Messenger
2008-03-31 20:16:56 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-22 20:33:07 0 d-------- C:\Program Files\Common Files
2008-03-22 20:17:43 15800 --a------ C:\Documents and Settings\Harrison Weigel\Application Data\wklnhst.dat
2008-03-21 17:42:39 0 d-------- C:\Documents and Settings\Harrison Weigel\Application Data\yoclient
2008-02-24 15:17:04 0 d-------- C:\Program Files\Armagetron Advanced
2008-02-24 13:07:41 0 d-------- C:\Program Files\GameSpy Arcade
2008-02-24 13:06:11 0 d-------- C:\Program Files\Microsoft Games
2008-02-23 19:03:09 0 d-------- C:\Program Files\SwiftSwitch
2008-01-03 15:38:47 23 --a------ C:\WINDOWS\popcinfot.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5786A8B2-7F71-4D98-8030-37CA3DFBE18E}]
08/02/2007 09:43 AM 282624 --a------ C:\Program Files\MSN\nipysafor555077.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63F7460B-C831-4142-A4AA-5EC303EC4343}]
C:\Program Files\Bat\Bat.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA327C6F-CEB9-4B4C-83B7-03FA98EB25DF}]
C:\Program Files\Messenger\kolap777444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/17/2005 12:33 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [01/05/2007 05:38 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [09/10/2003 04:24 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/22/2007 03:46 PM]
"Steam"="c:\program files\steam\steam.exe" [03/31/2008 04:53 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 07:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autoload]
C:\Documents and Settings\Harrison Weigel\Local Settings\Application Data\cftmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntuser]
C:\WINDOWS\system32\drivers\spools.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\Dell\MediaDirect\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]
C:\Program Files\webHancer\Programs\whagent.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6937f808-d8c1-11db-b07d-00038a000015}]
AutoRun\command- E:\LaunchU3.exe -a

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-03-31 20:49:10 ------------

I, however, have not found any extra.txt (?)
thank you for reading through all of this jargon, and sorry for taking so long to re-respond
  • 0

#4
sage5
Posted 01 April 2008 - 06:27 AM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi thnikkaman,

Do the following in Normal mode:

Go to the C:\SDFix folder and double click RunThis.bat to start the script.
  • Type 3 to Download/Run SAV32CLI from Sophos.
  • Follow the on screen prompts and extract the Sophos files to C:\SAV32CLI
  • When the main scanning screen is displayed type 6 to run a Full scan
  • SAV32CLI will start and scan the system for infected files
  • Please be patient as this scan may take some time
  • When the scan has finished post back the SophosReport.txt from the SDFix folder


Re-run Deckard's System Scanner:
  • Go to Start > Run and type or paste "%userprofile%\desktop\dss.exe" /config
  • In the Modules window click the Check All button
  • Click the Scan! button
  • Scans will run, and 2 text files will open in Notepad.
  • Paste the text from both files, as well as SophosReport.txtinto your next reply.

  • 0

#5
thnikkaman
Posted 01 April 2008 - 05:44 PM

thnikkaman

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thank you (still) for helping me.

Here is the Sophosreport

Sophos Anti-Virus
Version 4.28.0 [Win32/Intel]
Virus data version 4.28E, April 2008
Includes detection for 381048 viruses, trojans and worms
Copyright © 1989-2008 Sophos Plc, www.sophos.com

System time 16:28:46, System date 01 April 2008
Command line qualifiers are: -f -di -nc -nb --stop-scan

IDE directory is: C:\SDFix\IDE

Using IDE file tvido-a.ide
Using IDE file chir-b.ide
Using IDE file tiny-dc.ide
Using IDE file autor-bd.ide
Using IDE file autor-be.ide
Using IDE file sdbo-djz.ide
Using IDE file cimuz-cv.ide
Using IDE file gampas-q.ide
Using IDE file virut-x.ide
Using IDE file he4hoo-e.ide
Using IDE file daymay-a.ide
Using IDE file injec-cb.ide
Using IDE file keylo-jz.ide
Using IDE file ntroo-cv.ide
Using IDE file dwnl-hav.ide
Using IDE file silly-bu.ide
Using IDE file agen-gpc.ide
Using IDE file bankd-dg.ide
Using IDE file pushu-h.ide
Using IDE file psw-es.ide
Using IDE file psw-et.ide
Using IDE file rexplo-b.ide
Using IDE file looke-ec.ide
Using IDE file ldpin-ro.ide
Using IDE file dorf-aw.ide
Using IDE file agen-gph.ide
Using IDE file banlo-ex.ide
Using IDE file rieve-a.ide
Using IDE file vb-dyr.ide
Using IDE file mailb-ck.ide
Using IDE file cyberl-a.ide
Using IDE file spwa-gen.ide
Using IDE file psyme-hm.ide
Using IDE file dwnl-hba.ide
Using IDE file zbot-d.ide
Using IDE file dload-bl.ide
Using IDE file injec-cc.ide
Using IDE file alman-e.ide
Using IDE file autor-bg.ide
Using IDE file autom-d.ide
Using IDE file dref-b.ide
Using IDE file agen-gpp.ide
Using IDE file zbot-e.ide
Using IDE file defusx-a.ide
Using IDE file agen-gpr.ide
Using IDE file tinydl-r.ide
Using IDE file downld-p.ide
Using IDE file agen-gpv.ide
Using IDE file zonie-a.ide
Using IDE file vb-dys.ide
Using IDE file silly-bw.ide
Using IDE file pushdo-h.ide
Using IDE file sheldo-a.ide
Using IDE file smal-eld.ide
Using IDE file agen-gpx.ide
Using IDE file bifro-vn.ide
Using IDE file looke-ed.ide
Using IDE file autor-bk.ide
Using IDE file swizzo-c.ide
Using IDE file dloa-bim.ide
Using IDE file iespy-f.ide
Using IDE file cblade-h.ide
Using IDE file pasala-a.ide
Using IDE file dloa-bio.ide
Using IDE file messy-a.ide
Using IDE file msnemy-a.ide
Using IDE file otakbo-a.ide
Using IDE file forbo-gv.ide
Using IDE file bckd-qlw.ide
Using IDE file smal-ele.ide
Using IDE file braban-h.ide
Using IDE file cabat-d.ide
Using IDE file ntroo-cz.ide
Using IDE file dropp-tv.ide
Using IDE file agen-gmy.ide
Using IDE file autor-bo.ide
Using IDE file pushin-a.ide
Using IDE file spy-aj.ide
Using IDE file agen-gpz.ide
Using IDE file bront-ds.ide
Using IDE file bobax-eh.ide
Using IDE file grumbl-a.ide
Using IDE file tibs-ub.ide
Using IDE file joom-a.ide
Using IDE file pccli-lj.ide
Using IDE file autor-bp.ide
Using IDE file rbot-gwj.ide
Using IDE file bront-dt.ide
Using IDE file onlin-an.ide
Using IDE file fakev-ar.ide
Using IDE file baload-a.ide
Using IDE file cashgr-u.ide
Using IDE file autome-a.ide
Using IDE file bront-du.ide
Using IDE file silly-by.ide
Using IDE file pccli-ll.ide
Using IDE file zapch-dz.ide
Using IDE file killfi-j.ide
Using IDE file ircb-aaq.ide
Using IDE file agen-gqo.ide
Using IDE file sohan-as.ide
Using IDE file meiti-a.ide
Using IDE file zlob-j.ide
Using IDE file dwnl-hbk.ide
Using IDE file looke-ee.ide
Using IDE file silly-bz.ide
Using IDE file proxy-ig.ide
Using IDE file sdbo-dkb.ide
Using IDE file dwnl-hbl.ide
Using IDE file banhos-i.ide
Using IDE file poison-r.ide
Using IDE file winsat-b.ide
Using IDE file ntroo-da.ide
Using IDE file bagle-tq.ide
Using IDE file downld-t.ide
Using IDE file dload-br.ide
Using IDE file bckd-qly.ide
Using IDE file wlload-a.ide
Using IDE file zbot-h.ide
Using IDE file agen-gqv.ide
Using IDE file vbsmai-a.ide
Using IDE file mdro-bqg.ide
Using IDE file looke-ef.ide
Using IDE file zlobdr-h.ide
Using IDE file anpir-a.ide
Using IDE file scrapk-a.ide
Using IDE file exepag-a.ide
Using IDE file sillyw-a.ide
Using IDE file gina-al.ide
Using IDE file alimik-a.ide
Using IDE file sdbo-dkd.ide
Using IDE file vb-dyv.ide
Using IDE file agen-grd.ide
Using IDE file agen-gre.ide
Using IDE file repet-a.ide
Using IDE file agen-grg.ide
Using IDE file renos-ap.ide
Using IDE file virfir-a.ide
Using IDE file agen-gri.ide
Using IDE file rjump-j.ide
Using IDE file autor-bc.ide
Using IDE file chmdro-b.ide
Using IDE file agen-grj.ide
Using IDE file pakabo-a.ide
Using IDE file agen-grk.ide
Using IDE file bho-ez.ide
Using IDE file zlob-ail.ide
Using IDE file agen-grl.ide
Using IDE file batsec-a.ide
Using IDE file bckd-qmd.ide
Using IDE file dloa-biz.ide
Using IDE file autor-by.ide
Using IDE file bckd-qme.ide
Using IDE file agen-grq.ide
Using IDE file agen-grr.ide
Using IDE file dload-bu.ide
Using IDE file injec-cd.ide
Using IDE file bagle-tm.ide
Using IDE file agen-grt.ide
Using IDE file anuir-a.ide
Using IDE file satin-a.ide
Using IDE file bdoo-ajn.ide
Using IDE file agent-e.ide
Using IDE file dloa-bjc.ide
Using IDE file obfjs-b.ide
Using IDE file tvido-b.ide
Using IDE file pws-aqf.ide
Using IDE file cheuko-d.ide
Using IDE file rbot-gwl.ide
Using IDE file agen-gsb.ide
Using IDE file click-es.ide
Using IDE file munfor-b.ide
Using IDE file tehni-a.ide
Using IDE file zlob-aiw.ide
Using IDE file dowadv-c.ide
Using IDE file bagz-j.ide
Using IDE file bronto-x.ide
Using IDE file autor-bz.ide
Using IDE file dnsch-mg.ide
Using IDE file slolan-a.ide
Using IDE file fomur-a.ide
Using IDE file agen-gsh.ide
Using IDE file agen-gsj.ide
Using IDE file tanto-i.ide
Using IDE file zlob-aiz.ide
Using IDE file push-gen.ide
Using IDE file mumawo-a.ide
Using IDE file popupp-a.ide
Using IDE file badsrc-a.ide
Using IDE file servu-fg.ide
Using IDE file rootk-cd.ide
Using IDE file agen-gst.ide
Using IDE file agen-gsv.ide
Using IDE file zlob-aja.ide
Using IDE file prora-do.ide
Using IDE file autor-ca.ide
Using IDE file rbot-gwn.ide
Using IDE file crypdr-a.ide
Using IDE file exchan-b.ide
Using IDE file shodi-i.ide
Using IDE file agen-gtb.ide
Using IDE file bagle-tr.ide
Using IDE file rkmail-a.ide
Using IDE file shutdo-h.ide
Using IDE file silly-cb.ide
Using IDE file ntroo-dd.ide
Using IDE file pws-aqp.ide
Using IDE file autor-cd.ide
Using IDE file zbot-j.ide
Using IDE file autor-ce.ide
Using IDE file banlo-b.ide
Using IDE file dloa-bjk.ide
Using IDE file swizz-nq.ide
Using IDE file fujac-at.ide
Using IDE file pccli-lx.ide
Using IDE file agen-gti.ide
Using IDE file grum-i.ide
Using IDE file pws-aqq.ide
Using IDE file drop-l.ide
Using IDE file dloa-bjm.ide
Using IDE file espole-a.ide
Using IDE file psyme-ht.ide
Using IDE file kobak-a.ide
Using IDE file dloa-bjo.ide
Using IDE file sanji-a.ide
Using IDE file silly-cc.ide
Using IDE file bckd-qmk.ide
Using IDE file zaap-a.ide
Using IDE file bckd-qml.ide
Using IDE file dwnl-hbu.ide
Using IDE file dnsch-mh.ide
Using IDE file pdfex-e.ide
Using IDE file agen-gtr.ide
Using IDE file autor-ch.ide
Using IDE file bank-ele.ide
Using IDE file aspshe-a.ide
Using IDE file bckd-qmo.ide
Using IDE file lowzo-ea.ide
Using IDE file banlo-fb.ide
Using IDE file bizv-zla.ide
Using IDE file vb-dyy.ide
Using IDE file prora-dq.ide
Using IDE file pushdo-i.ide
Using IDE file detna-ad.ide
Using IDE file sdbo-dkg.ide
Using IDE file vbbot-ao.ide
Using IDE file encpk-cy.ide
Using IDE file tibs-uc.ide
Using IDE file drop-n.ide
Using IDE file tibs-ud.ide
Using IDE file hupig-sz.ide
Using IDE file macswp-b.ide
Using IDE file bank-ekz.ide
Using IDE file oscor-m.ide
Using IDE file spywa-ax.ide
Using IDE file starte-h.ide
Using IDE file honk-g.ide
Using IDE file autor-cn.ide
Using IDE file vb-dyz.ide
Using IDE file flood-im.ide
Using IDE file nymod-a.ide
Using IDE file backdr-s.ide
Using IDE file ldpin-rq.ide
Using IDE file agen-gum.ide
Using IDE file bifro-vq.ide
Using IDE file silly-ce.ide
Using IDE file zlob-ajn.ide
Using IDE file agen-guo.ide
Using IDE file killa-el.ide
Using IDE file agen-gup.ide
Using IDE file graybi-p.ide
Using IDE file dorf-ba.ide
Using IDE file tileb-kt.ide
Using IDE file mdro-bre.ide
Using IDE file fakea-ax.ide
Using IDE file legm-ars.ide
Using IDE file agen-gus.ide

Full Scanning

>>> Virus 'Troj/Agent-GTL' found in file C:\Documents and Settings\Harrison Weigel\ftpdll.dll
>>> Virus 'Troj/Agent-GTL' found in file C:\Documents and Settings\LocalService\ftpdll.dll
Could not open C:\hiberfil.sys
Could not open C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
>>> Virus 'Troj/TTC-Gen' found in file C:\Program Files\MSN\nipysafor555077.dll
Aborted checking C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP139\A0027722.exe - appears to be a 'zip bomb'
>>> Virus 'Mal/EncPk-CO' found in file C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP155\A0029920.exe
>>> Virus 'Troj/Agent-GTL' found in file C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP155\A0029925.dll
>>> Virus 'Troj/Agent-GTL' found in file C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP155\A0030038.dll
>>> Virus 'Troj/Agent-GTL' found in file C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP155\A0030039.dll
>>> Virus 'Troj/Agent-GTL' found in file C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP155\A0030060.exe\FILE:0000
>>> Virus 'Mal/Heuri-D' found in file C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP155\A0030060.exe
>>> Virus 'Troj/Agent-GTL' found in file C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP155\A0030061.exe\FILE:0000
>>> Virus 'Mal/Heuri-D' found in file C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP155\A0030061.exe
>>> Virus 'Mal/Heuri-E' found in file C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP155\A0030062.exe\FILE:0000
>>> Virus 'Mal/DownLdr-O' found in file C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP155\A0030064.exe
>>> Virus 'Troj/Dloadr-BJR' found in file C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP155\A0030066.exe
>>> Virus 'Mal/DownLdr-O' found in file C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP155\A0030073.exe
>>> Virus 'Troj/Dloadr-BJR' found in file C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP155\A0030075.exe
>>> Virus 'Troj/Agent-GTL' found in file C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP155\A0030076.exe\FILE:0000
>>> Virus 'Mal/Heuri-D' found in file C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP155\A0030076.exe
>>> Virus 'Mal/Heuri-E' found in file C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP155\A0030078.exe\FILE:0000
>>> Virus 'Troj/LegMir-ARJ' found in file C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP156\A0030269.exe
>>> Virus 'Troj/LegMir-ARJ' found in file C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP156\A0030276.exe
>>> Virus 'Troj/Agent-GTL' found in file C:\WINDOWS\system32\ftpdll.dll
>>> Virus 'Troj/FakeAV-F' found in file C:\WINDOWS\system32\sbwltbxa.exe

1 boot sector swept.
28878 files swept in 1 hour, 0 minutes and 58 seconds.
3 errors were encountered.
23 viruses were discovered.
20 files out of 28878 were infected.
Please send infected samples to Sophos for analysis.
For advice consult www.sophos.com, email [email protected]
or telephone +44 1235 559933
Ending Sophos Anti-Virus.
  • 0

#6
thnikkaman
Posted 01 April 2008 - 05:45 PM

thnikkaman

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Here is the Main.txt:

Deckard's System Scanner v20071014.68
Run by Harrison Weigel on 2008-04-01 19:40:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
29: 2008-04-01 23:40:34 UTC - RP158 - Deckard's System Scanner Restore Point
28: 2008-04-01 21:24:15 UTC - RP157 - System Checkpoint
27: 2008-03-23 00:22:24 UTC - RP156 - Deckard's System Scanner Restore Point
26: 2008-03-21 23:17:02 UTC - RP155 - Software Distribution Service 3.0
25: 2008-03-21 22:46:54 UTC - RP154 - System Checkpoint


-- First Restore Point --
1: 2008-01-06 22:39:44 UTC - RP130 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as Harrison Weigel.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:45 PM, on 4/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\sbwltbxa.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Harrison Weigel\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HARRIS~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070105
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070105
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5786A8B2-7F71-4D98-8030-37CA3DFBE18E} - C:\Program Files\MSN\nipysafor555077.dll
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Bat\Bat.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A0EFAB26-5027-4DE9-8247-C0C3B04432F6} - C:\Program Files\Messenger\kolap777444.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: (no name) - {BA327C6F-CEB9-4B4C-83B7-03FA98EB25DF} - C:\Program Files\Messenger\kolap777444.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (file missing)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-1520300419-1576192814-2681431817-1006\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe (User '?')
O4 - HKUS\S-1-5-21-1520300419-1576192814-2681431817-1006\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-1520300419-1576192814-2681431817-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10668 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

S3 catchme - c:\docume~1\harris~1\locals~1\temp\catchme.sys (file missing)
S3 DSproct - c:\program files\dell support\gtaction\triggers\dsproct.sys <Not Verified; GTek Technologies Ltd.; processt>
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01CD1028&REV_02\4&2FE911E8&0&00F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01CD1028&REV_02\4&2FE911E8&0&00F0
Service: bcm4sbxp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\11ED2961314FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\11ED2961314FC000
Service: NIC1394


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 696)
2006-11-23 02:31:08 770048 --a------ C:\WINDOWS\system32\BCMLogon.dll <Not Verified; Dell Inc.; Wireless Network Logon Provider>


-- Scheduled Tasks -------------------------------------------------------------

2008-03-14 21:30:43 568 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Harrison Weigel.job


-- Files created between 2008-03-01 and 2008-04-01 -----------------------------

2008-04-01 16:26:39 0 d-------- C:\SAV32CLI
2008-03-31 23:01:07 2855 --a------ C:\WINDOWS\system32\ntnut32.PIF
2008-03-31 22:43:02 0 dr-----c- C:\Program Files\stc
2008-03-31 20:46:19 1596 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-31 20:45:55 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-31 20:45:55 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-03-31 20:45:55 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-31 20:45:55 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-03-31 20:45:55 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-03-31 20:45:55 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-31 20:45:54 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-03-22 21:25:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-03-22 20:28:37 0 d-------- C:\Program Files\Trend Micro
2008-03-22 20:27:14 136627 --a------ C:\WINDOWS\POTA777444.exe
2008-03-22 20:01:43 0 d-------- C:\WINDOWS\ERUNT
2008-03-22 19:29:33 0 d-------- C:\Program Files\180solutions
2008-03-22 19:29:33 0 d-------- C:\Program Files\180searchassistant
2008-03-22 19:29:33 0 d-------- C:\Program Files\180search assistant
2008-03-22 19:05:24 0 d-------- C:\Program Files\seekmo
2008-03-22 19:05:22 0 d-------- C:\Program Files\zango
2008-03-22 18:39:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-03-22 15:53:40 11520 --a------ C:\WINDOWS\voiceip.dll
2008-03-22 15:53:40 12288 --a------ C:\WINDOWS\swin32.dll
2008-03-22 15:53:40 19712 --a------ C:\WINDOWS\stcloader.exe
2008-03-22 15:53:39 17664 --a------ C:\WINDOWS\mssvr.exe
2008-03-22 15:53:39 20736 --a------ C:\WINDOWS\mspphe.dll
2008-03-22 15:53:39 10240 --a------ C:\WINDOWS\cdsm32.dll
2008-03-22 15:53:39 24320 --a------ C:\WINDOWS\bokja.exe
2008-03-22 15:53:38 20224 --a------ C:\WINDOWS\bjam.dll
2008-03-22 15:53:38 19456 --a------ C:\WINDOWS\2020search2.dll
2008-03-22 15:53:37 24576 --a------ C:\WINDOWS\2020search.dll
2008-03-22 15:53:34 28672 --a------ C:\WINDOWS\system32\WER8274.DLL
2008-03-22 15:53:34 25344 --a------ C:\WINDOWS\system32\MSIXU.DLL
2008-03-22 15:53:32 19200 --a------ C:\WINDOWS\180ax.exe
2008-03-22 15:53:31 11776 --a------ C:\WINDOWS\updatetc.exe
2008-03-22 15:53:31 21248 --a------ C:\WINDOWS\salm.exe
2008-03-22 15:53:30 0 d-------- C:\WINDOWS\FLEOK
2008-03-22 15:53:29 28672 --a------ C:\WINDOWS\saiemod.dll
2008-03-22 15:53:28 30208 --a------ C:\WINDOWS\system32\MSNSA32.dll
2008-03-22 15:53:26 17408 --a------ C:\WINDOWS\msapasrc.dll
2008-03-22 15:53:26 14336 --a------ C:\WINDOWS\msa64chk.dll
2008-03-22 15:53:25 12800 --a------ C:\WINDOWS\system32\SIPSPI32.dll
2008-03-22 15:53:25 28928 --a------ C:\WINDOWS\system32\shdocpe.dll
2008-03-22 15:53:24 22016 --a------ C:\WINDOWS\system32\ntnut32.exe
2008-03-22 15:53:24 23296 --a------ C:\WINDOWS\shdocpl.dll
2008-03-22 15:53:23 21504 --a------ C:\WINDOWS\shdocpe.dll
2008-03-22 15:53:23 24320 --a------ C:\WINDOWS\ntnut.exe
2008-03-22 15:53:22 29696 --a------ C:\WINDOWS\winsb.dll
2008-03-22 15:53:22 0 d-------- C:\Program Files\Sysmnt
2008-03-22 15:53:21 29184 --a------ C:\WINDOWS\browserad.dll
2008-03-22 15:53:20 26624 --a------ C:\WINDOWS\aviwrap32.dll
2008-03-22 15:53:20 11264 --a------ C:\WINDOWS\avisynthex32.dll
2008-03-22 15:53:19 8704 --a------ C:\WINDOWS\avifile32.dll
2008-03-22 15:53:19 20224 --a------ C:\WINDOWS\autodisc32.dll
2008-03-22 15:53:19 12544 --a------ C:\WINDOWS\audiosrv32.dll
2008-03-22 15:53:18 32512 --a------ C:\WINDOWS\ati2dvag32.dll
2008-03-22 15:53:18 27392 --a------ C:\WINDOWS\ati2dvaa32.dll
2008-03-22 15:53:17 11008 --a------ C:\WINDOWS\athprxy32.dll
2008-03-22 15:53:17 12032 --a------ C:\WINDOWS\asycfilt32.dll
2008-03-22 15:53:17 8960 --a------ C:\WINDOWS\asferror32.dll
2008-03-22 15:53:17 12288 --a------ C:\WINDOWS\apphelp32.dll
2008-03-22 15:53:16 29440 --a------ C:\WINDOWS\changeurl_30.dll
2008-03-22 15:51:24 5120 --a------ C:\Documents and Settings\LocalService\ftpdll.dll
2008-03-22 15:44:28 0 d-------- C:\WINDOWS\pss
2008-03-22 15:26:04 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-03-22 15:18:13 5120 --a------ C:\WINDOWS\system32\ftpdll.dll
2008-03-22 15:18:13 5120 --a------ C:\Documents and Settings\Harrison Weigel\ftpdll.dll
2008-03-22 15:17:03 90537 --a------ C:\WINDOWS\system32\sbwltbxa.exe <Not Verified; Microsoft; runbll>
2008-03-05 19:48:21 0 d-------- C:\Program Files\Project64 1.6


-- Find3M Report ---------------------------------------------------------------

2008-04-01 16:26:48 0 d-------- C:\Program Files\Messenger
2008-04-01 16:24:48 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-01 16:21:00 0 d-------- C:\Program Files\Steam
2008-03-31 22:57:20 16120 --a------ C:\Documents and Settings\Harrison Weigel\Application Data\wklnhst.dat
2008-03-22 20:33:07 0 d-------- C:\Program Files\Common Files
2008-03-21 17:42:39 0 d-------- C:\Documents and Settings\Harrison Weigel\Application Data\yoclient
2008-02-24 15:17:04 0 d-------- C:\Program Files\Armagetron Advanced
2008-02-24 13:07:41 0 d-------- C:\Program Files\GameSpy Arcade
2008-02-24 13:06:11 0 d-------- C:\Program Files\Microsoft Games
2008-02-23 19:03:09 0 d-------- C:\Program Files\SwiftSwitch
2008-01-03 15:38:47 23 --a------ C:\WINDOWS\popcinfot.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5786A8B2-7F71-4D98-8030-37CA3DFBE18E}]
08/02/2007 09:43 AM 282624 --a------ C:\Program Files\MSN\nipysafor555077.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63F7460B-C831-4142-A4AA-5EC303EC4343}]
C:\Program Files\Bat\Bat.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A0EFAB26-5027-4DE9-8247-C0C3B04432F6}]
02/27/2008 09:54 PM 217088 --a------ C:\Program Files\Messenger\kolap777444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA327C6F-CEB9-4B4C-83B7-03FA98EB25DF}]
02/27/2008 09:54 PM 217088 --a------ C:\Program Files\Messenger\kolap777444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/17/2005 12:33 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [01/05/2007 05:38 PM]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE" [07/25/2006 07:03 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [09/10/2003 04:24 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/22/2007 03:46 PM]
"Steam"="c:\program files\steam\steam.exe" [03/31/2008 04:53 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 07:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autoload]
C:\Documents and Settings\Harrison Weigel\Local Settings\Application Data\cftmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntuser]
C:\WINDOWS\system32\drivers\spools.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\Dell\MediaDirect\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]
C:\Program Files\webHancer\Programs\whagent.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6937f808-d8c1-11db-b07d-00038a000015}]
AutoRun\command- E:\LaunchU3.exe -a

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-04-01 19:43:09 ------------
  • 0

#7
thnikkaman
Posted 01 April 2008 - 05:48 PM

thnikkaman

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Lastly, here is the extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU T7200 @ 2.00GHz
CPU 1: Intel® Core™2 CPU T7200 @ 2.00GHz
Percentage of Memory in Use: 56%
Physical Memory (total/avail): 1014.37 MiB / 442.17 MiB
Pagefile Memory (total/avail): 2441.44 MiB / 1979.04 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1912.16 MiB

C: is Fixed (NTFS) - 67.63 GiB total, 30.92 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS541680J9SA00 - 74.53 GiB - 4 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 67.63 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 2047.35 MiB
\PARTITION3 - Unknown - 4.85 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
FW: Norton Internet Security 2006 v2006 (Symantec Corporation)
AV: Norton Internet Security 2006 v2006 (Symantec Corporation) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"="C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Harrison Weigel\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HARRISON
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Harrison Weigel
LOGONSERVER=\\HARRISON
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HARRIS~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\HARRIS~1\LOCALS~1\Temp
USERDOMAIN=HARRISON
USERNAME=Harrison Weigel
USERPROFILE=C:\Documents and Settings\Harrison Weigel
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Harrison Weigel (admin)
Alex - The Guy (new local, admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
America Online (Choose which version to remove) --> C:\Program Files\Common Files\aolshare\Aolunins_us.exe
AOL Coach Version 1.0(Build:20040229.1 en) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Connectivity Services --> C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Armagetron Advanced 0.3.0 --> C:\Program Files\Armagetron Advanced\uninst.exe
Bat --> "C:\Program Files\Bat\un_BatSetup_15041.exe"
Broadcom Management Programs --> MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
Bugdom Demo v1.20 --> C:\Program Files\Ideas From the Deep\Bugdom Demo\uninst.exe
CC_ccProxyExt --> MsiExec.exe /I{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}
ccCommon --> MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}
ccPxyCore --> MsiExec.exe /I{30738666-9805-4926-A78F-91DA33B6C437}
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Corel Snapfire Plus --> MsiExec.exe /I{7ADE3A47-B425-45E9-8FF6-11BE2B775645}
Dell Game Console --> "C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
Dell Support 3.2.1 --> MsiExec.exe /X{CEE2252C-4035-4B27-8EC6-0B085DD3A413}
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Documentation & Support Launcher --> MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
EarthLink Setup Files --> MsiExec.exe /X{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}
Empires and Dungeons Free Trial --> "C:\Program Files\EmpiresandDungeons_at\unins000.exe"
ESPNMotion --> C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
fuzetsu --> C:\WINDOWS\system32\javaws.exe -uninstall "http://www.kaioa.com...a/fuzetsu.jnlp"
Games, Music, & Photos Launcher --> MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Half-Life 2 --> "C:\Program Files\Steam\steam.exe" steam://uninstall/220
Half-Life 2: Episode One --> "C:\Program Files\Steam\steam.exe" steam://uninstall/380
Half-Life 2: Episode Two --> "C:\Program Files\Steam\steam.exe" steam://uninstall/420
Half-Life 2: Lost Coast --> "C:\Program Files\Steam\steam.exe" steam://uninstall/340
Harvest - Massive Encounter --> "C:\Program Files\Oxeye Games\Harvest\uninstall.exe"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Immortal Defense 1.0 --> C:\Program Files\Immortal Defense\uninst.exe
Impulse 1.0 --> "C:\Program Files\Impulse\unins000.exe"
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Internet Service Offers Launcher --> MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logical Journey of the Zoombinis --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Zoombi32\DeIsL1.isu"
MediaDirect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\Setup.exe" -l0x9 -cluninstall
Microsoft Age of Empires II --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Age of Empires II: The Conquerors Expansion --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Digital Image Standard 2006 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM VERSION=11
Microsoft Encarta Encyclopedia Standard 2006 --> MsiExec.exe /I{06040048-3E21-46D6-9A91-D927BA08F41D}
Microsoft Halo Trial --> "C:\Program Files\Microsoft Games\Halo Trial\UNINSTAL.EXE" /runtemp /addremove
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 Trial --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Streets & Trips 2006 --> MsiExec.exe /I{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Microsoft Works Suite 2006 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2006\Setup\Launcher.exe /ARP D:\
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
Nanosaur 2: Hatchling Demo v1.07 --> C:\Program Files\Ideas From the Deep\Nanosaur 2 Demo\uninst.exe
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
NetZeroInstallers --> MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
Norton AntiSpam --> MsiExec.exe /I{3B29A786-5803-4E9E-9B58-3014A5B4E519}
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485F-9E18-C5025306BB3F}
Norton AntiVirus 2006 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security --> MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
Norton Internet Security --> MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security --> MsiExec.exe /I{FFB4DD53-28B7-4981-BFF0-9BD801F61095}
Norton Internet Security 2006 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe" /X
Norton Protection Center --> MsiExec.exe /I{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}
Norton WMI Update --> MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
OutlookAddinSetup --> MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
Peggle Extreme --> "C:\Program Files\Steam\steam.exe" steam://uninstall/3483
Play With Fire version 1.0 --> "C:\Program Files\Manifesto\PlayWithFire\unins000.exe"
Portal --> "C:\Program Files\Steam\steam.exe" steam://uninstall/400
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Rappelz_USA --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E144A786-D2DD-428B-9C1A-0EE3FA3515EA}\setup.exe" -l0x9 -removeonly
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Riven --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Riven\DeIsL1.isu"
Sea3D --> "C:\Program Files\Sea3D\uninstall.exe"
SearchAssist --> C:\DELL\SearchAssist\UninstSA.bat
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SwiftSwitch --> C:\Program Files\SwiftSwitch\Uninstal.exe
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Team Fortress 2 --> "C:\Program Files\Steam\steam.exe" steam://uninstall/440
Tower Blaster (remove only) --> "C:\Documents and Settings\Harrison Weigel\My Documents\Tower Blaster\Uninstall.exe"
Unity Web Player --> C:\Program Files\Unity\WebPlayer\Uninstall.exe
Update for Office 2007 (KB932080) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Word 2007 (KB934173) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
Uru - Ages Beyond Myst --> "C:\Program Files\Ubi Soft\Cyan Worlds\Uru - Ages Beyond Myst\UninstallerData\Uninstall Uru - Ages Beyond Myst.exe"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
When Orcs Attack! 1.0.6 --> C:\Program Files\When Orcs Attack!\uninst.exe
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908250 --> "C:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB912067 -->
Yahoo! Music Jukebox --> MsiExec.exe /X{7C49EA42-5647-4051-84C2-E6404F25A931}


-- Application Event Log -------------------------------------------------------

Event Record #/Type10647 / Error
Event Submitted/Written: 04/01/2008 07:39:44 PM
Event ID/Source: 3011 / LoadPerf
Event Description:
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Event Record #/Type10646 / Error
Event Submitted/Written: 04/01/2008 07:39:44 PM
Event ID/Source: 3012 / LoadPerf
Event Description:
The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Event Record #/Type10644 / Error
Event Submitted/Written: 04/01/2008 04:50:39 PM
Event ID/Source: 3011 / LoadPerf
Event Description:
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Event Record #/Type10643 / Error
Event Submitted/Written: 04/01/2008 04:50:39 PM
Event ID/Source: 3012 / LoadPerf
Event Description:
The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Event Record #/Type10641 / Error
Event Submitted/Written: 04/01/2008 04:36:29 PM
Event ID/Source: 3011 / LoadPerf
Event Description:
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type30763 / Warning
Event Submitted/Written: 03/31/2008 11:02:03 PM
Event ID/Source: 2504 / Server
Event Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{8149FC26-4AE5-4CB9-A032-3249D32C833F}.

Event Record #/Type30761 / Warning
Event Submitted/Written: 03/31/2008 11:01:50 PM
Event ID/Source: 2504 / Server
Event Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{8149FC26-4AE5-4CB9-A032-3249D32C833F}.

Event Record #/Type30757 / Warning
Event Submitted/Written: 03/31/2008 11:01:07 PM
Event ID/Source: 2504 / Server
Event Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{8149FC26-4AE5-4CB9-A032-3249D32C833F}.

Event Record #/Type30755 / Warning
Event Submitted/Written: 03/31/2008 11:00:54 PM
Event ID/Source: 2504 / Server
Event Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{8149FC26-4AE5-4CB9-A032-3249D32C833F}.

Event Record #/Type30748 / Warning
Event Submitted/Written: 03/31/2008 10:58:20 PM
Event ID/Source: 2504 / Server
Event Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{8149FC26-4AE5-4CB9-A032-3249D32C833F}.



-- End of Deckard's System Scanner: finished at 2008-04-01 19:43:09 ------------

Thank you very much
  • 0

#8
sage5
Posted 02 April 2008 - 05:12 AM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi thnikkaman,

Please print these instructions, and have the hard copy handy, to complete the steps below.

This lot being disabled & outdated is as handy as no protection at all:

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
FW: Norton Internet Security 2006 v2006 (Symantec Corporation)
AV: Norton Internet Security 2006 v2006 (Symantec Corporation) Outdated


Let's get you some good security software, Anti-virus & firewall:
I have listed a couple of free versions of both. While these are free, they are very capable, (at least as good as Nortons & easier on your system)
Please download, one of each, to your Desktop, but do not install just yet.

Firewalls: Please download one only.
Comodo Firewall Pro or Sunbelt Personal Firewall

Anti-virus: Please download one only:
Avast! Free Edition or AntiVir PersonalEdition Classic

Anti-Virus Tutorials/Manuals:
Avast Tutorial
Avast Manual
Antivir Manual

Please also download the following & save to your Desktop:
Norton Removal Tool
SUPERAntiSpyware
ComboFix


Run ComboFix:
  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log and a HiJackthis log in your next reply
Log file will be C:\Combofix.txt

Note: Do not mouseclick combofix's window while its running. That may cause it to stall


Run SUPERAntiSpyware:
  • Double click on the SUPERAntiSpyware.exe file on your Desktop to install the program
  • When done, start the program using the desktop icon.
  • When asked to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure just the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining.
  • Click the Close button to leave the control center screen.
  • On the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and when asked to reboot, click Yes.
  • To retrieve the removal information for me please do the following:
    • After reboot, double-click the SUPERAntispyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Save the log file as C:\SAS.txt


Remove Nortons:
Double click the Norton_Removal_Tool.exe & follow the instructions.
The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer.
Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts.


Now install the new firewall you downloaded earlier.

Next install the new anti-virus software.
Please allow the new Anti-virus to run a full System scan, and at the end of the process you should be able to save a scan log.
If the scan report window does not have a Save as Repot Button (or similar), you may be able to highlight the text in the window & copy & paste it to a new Notepad file.
Save it as C:\avscan.txt if you can.

I need you to post me a fresh HijackThis log to confirm correct installation of the Anti-virus and Firewall programs.


Along with the HijackThis log please also paste the text from:
  • C:\Combofix.txt
  • C:\SAS.txt
  • C:\avscan.txt


The text from these files may exceed the maximum post length for this forum, and may need to be sent over 2 or more posts. Please ensure all text is posted.

Cheers,

sage5
  • 0

#9
sage5
Posted 15 April 2008 - 01:26 AM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP