If it does then post in the Windows XP forum, tell them I sent you over
Anything else ?
Another trojandownloader.xs victim.....help [RESOLVED]
Started by
AZSCTACO
, Apr 11 2008 09:08 AM
-
This topic is locked
#16
Posted 21 April 2008 - 02:59 PM
Rorschach112
-
- Retired Staff
-
- 47,710 posts
Ralphie
If it does then post in the Windows XP forum, tell them I sent you over
Anything else ?
#17
Posted 22 April 2008 - 05:02 AM
Rorschach112
-
- Retired Staff
-
- 47,710 posts
Ralphie
Lets try something
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Download the HostsXpert 3.7 - Hosts File Manager.
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Download the HostsXpert 3.7 - Hosts File Manager.
- Unzip HostsXpert 3.7 - Hosts File Manager to a convenient folder such as C:\HostsXpert
- Click HostsXpert.exe to Run HostsXpert 3.7 - Hosts File Manager from its new home
- Click "Make Hosts Writable?" in the upper right corner (If available).
- Click Restore Microsoft's Hosts file and then click OK.
- Click the X to exit the program.
- Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
- Close all other windows before proceeding.
- Double-click on dss.exe and follow the prompts.
- If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
- When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Edited by Rorschach112, 22 April 2008 - 05:06 AM.
#18
Posted 22 April 2008 - 08:38 AM
AZSCTACO
- Topic Starter
-
- Member
-
- 11 posts
Member
This appears to have fixed the problem, thank you. Logs requested are pasted below:
Main.txt
Deckard's System Scanner v20071014.68
Run by winroot on 2008-04-22 07:30:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
6: 2008-04-22 14:30:28 UTC - RP1143 - Deckard's System Scanner Restore Point
5: 2008-04-21 19:19:34 UTC - RP1142 - Installed Java™ 6 Update 5
4: 2008-04-21 19:07:46 UTC - RP1141 - Removed Java™ 6 Update 5
3: 2008-04-21 19:06:51 UTC - RP1140 - Removed Java™ 6 Update 3
2: 2008-04-21 19:05:45 UTC - RP1139 - Removed Java™ 6 Update 2
-- First Restore Point --
1: 2008-04-21 19:04:33 UTC - RP1138 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as winroot.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:31:15 AM, on 4/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\PC Registry Cleaner\PCRegistryCleaner.exe
C:\Documents and Settings\winroot\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\winroot.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [MoneyInsights] "C:\Program Files\Microsoft Money Plus\MNYCoreFiles\mnyinsit.exe"
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Installer) - https://ra.qwest.com...ad/tgctlins.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {CF4A2C45-CB89-4018-94BB-C2CACB83A537} (XancamX Camera Control) - https://homesight.xa...ice/xancamx.ocx
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe (file missing)
--
End of file - 5939 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080410-162930-403 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
backup-20080411-084243-571 O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe (file missing)
backup-20080411-084312-182 O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
-- File Associations -----------------------------------------------------------
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
S3 catchme - c:\docume~1\winroot\locals~1\temp\catchme.sys (file missing)
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 Winachcf - c:\windows\system32\drivers\winachcf.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S2 winvnc (VNC Server) - "c:\program files\tightvnc\winvnc.exe" -service (file missing)
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-04-22 07:19:04 366 --a------ C:\WINDOWS\Tasks\XoftSpySE.job
2008-04-22 02:25:00 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-04-22 02:15:00 446 --a------ C:\WINDOWS\Tasks\SpyHunter Scanner.job
2008-04-21 17:00:03 452 --a------ C:\WINDOWS\Tasks\XoftSpySE 2.job
-- Files created between 2008-03-22 and 2008-04-22 -----------------------------
2008-04-21 13:28:03 21312 --a------ C:\WINDOWS\choice.exe
2008-04-21 12:35:12 0 d-------- C:\ie-spyad
2008-04-21 12:20:54 0 d-------- C:\Program Files\Java
2008-04-21 12:19:40 0 d-------- C:\Program Files\Common Files\Java
2008-04-21 12:17:34 0 d-------- C:\Program Files\SDM
2008-04-21 09:50:00 0 d-------- C:\Documents and Settings\winroot\Application Data\Malwarebytes
2008-04-21 09:49:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-21 09:49:52 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-11 15:05:49 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-11 15:05:38 0 d-------- C:\Documents and Settings\winroot\Application Data\Mozilla
2008-04-11 12:27:47 0 d-------- C:\WINDOWS\resources
2008-04-11 12:20:54 2200 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-11 10:00:31 0 d-------- C:\Program Files\XoftSpySE
2008-04-11 07:43:55 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-04-10 14:22:50 0 d-------- C:\Program Files\Enigma Software Group
2008-04-10 14:01:29 0 d-------- C:\Program Files\Trend Micro
2008-04-10 13:09:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-10 09:55:15 0 d-------- C:\Program Files\Windows Defender
2008-04-09 15:56:53 0 d-------- C:\Program Files\PC Registry Cleaner
2008-04-09 15:40:51 0 d-------- C:\WINDOWS\pss
2008-04-09 14:04:32 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-04-09 14:03:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-09 14:02:40 0 d-------- C:\Program Files\Yahoo!
2008-04-09 12:34:51 8388608 --a------ C:\Documents and Settings\winroot\ntuser.dat
2008-04-09 12:34:50 237568 --a------ C:\Documents and Settings\LocalService\ntuser.dat
-- Find3M Report ---------------------------------------------------------------
2008-04-21 12:19:40 0 d-------- C:\Program Files\Common Files
2008-04-14 20:02:41 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-11 16:28:28 0 d-------- C:\Documents and Settings\winroot\Application Data\Adobe
2008-03-24 12:34:08 0 d-------- C:\Program Files\Microsoft Money Plus
2008-03-05 09:06:06 0 d-------- C:\Program Files\Clever Age
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [01/23/2003 03:17 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/23/2003 03:05 AM]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [05/20/2003 10:21 PM]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [01/11/2008 07:54 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyInsights"="C:\Program Files\Microsoft Money Plus\MNYCoreFiles\mnyinsit.exe" [02/19/2008 10:07 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
-- End of Deckard's System Scanner: finished at 2008-04-22 07:32:25 ------------
extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Celeron® CPU 2.40GHz
Percentage of Memory in Use: 24%
Physical Memory (total/avail): 2039.48 MiB / 1540.78 MiB
Pagefile Memory (total/avail): 2070.16 MiB / 1782.88 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.88 MiB
C: is Fixed (NTFS) - 37.27 GiB total, 27.63 GiB free.
D: is CDROM (No Media)
Z: is Network (NTFS)
\\.\PHYSICALDRIVE0 - ST340015A - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.27 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AntivirusOverride is set.
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\winroot\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HPREAROFFICE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\winroot
LOGONSERVER=\\HPREAROFFICE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\SecureCRT
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\winroot\LOCALS~1\Temp
TMP=C:\DOCUME~1\winroot\LOCALS~1\Temp
USERDOMAIN=HPREAROFFICE
USERNAME=winroot
USERPROFILE=C:\Documents and Settings\winroot
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI
-- User Profiles ---------------------------------------------------------------
winroot (admin)
Administrator (new local, admin)
-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACT! --> C:\WINDOWS\IsUninstAct.exe -f"C:\Program Files\ACT\Uninst6.isu" -c"C:\Program Files\ACT\UNINSTAL.DLL"
Adobe Acrobat 8.1.2 Professional --> msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
ClientTools --> MsiExec.exe /I{AD19537C-20BC-4813-A388-DDD6ACA88479}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Exporter for ACT! (4-6) --> C:\PROGRA~1\Exporter\UNWISE.EXE C:\PROGRA~1\Exporter\INSTALL.LOG
Hello (remove only) --> "C:\Program Files\Hello\Uninstall.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp instant support --> C:\PROGRA~1\HEWLET~1\hpis\Uninstall.exe CeS
hp print screen utility --> C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LiveUpdate 1.80 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Money Plus --> "C:\Program Files\Microsoft Money Plus\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Money Shared Libraries --> MsiExec.exe /X{7F1B3341-A94E-4F5C-B587-CA0EB964221E}
Microsoft Office 2003 Primary Interop Assemblies --> MsiExec.exe /X{91490409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visio Viewer 2002 --> MsiExec.exe /I{94F9723E-900A-43C5-8F4E-AD2D2ED09273}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
ODF Add-in for Microsoft Word --> MsiExec.exe /I{8D774B5B-A1D9-45B3-AFB4-3F85604961BC}
Online Testing Web Client --> C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
PC Registry Cleaner --> MsiExec.exe /X{610E6187-2D1F-4B80-BC9F-B13D8585415A}
RESUMate 10 --> C:\PROGRA~1\RESUMA~1\UnInstall.EXE C:\PROGRA~1\RESUMA~1\INSTALL.LOG
RESUMate Repair+ v7.3 --> C:\PROGRA~1\RESUMA~1\UNWISE.EXE C:\PROGRA~1\RESUMA~1\INSTALL.LOG
Send Personally --> MsiExec.exe /I{27525601-6772-407E-89C5-B58F492A5166}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.EXE"
Sun™ Download Manager 1.3 --> C:\Program Files\SDM\Uninstall.exe
Symantec AntiVirus Client --> MsiExec.exe /X{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Wisdom-soft ScreenHunter 4.0 Free --> C:\PROGRA~1\WISDOM~1\UNWISE.EXE C:\PROGRA~1\WISDOM~1\INSTALL.LOG
XoftSpySE --> C:\Program Files\XoftSpySE\uninstall.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type9094 / Warning
Event Submitted/Written: 04/21/2008 01:33:07 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'
Event Record #/Type9093 / Warning
Event Submitted/Written: 04/21/2008 01:33:07 PM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.
Event Record #/Type9087 / Warning
Event Submitted/Written: 04/21/2008 00:48:12 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'
Event Record #/Type9086 / Warning
Event Submitted/Written: 04/21/2008 00:48:12 PM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.
Event Record #/Type9078 / Error
Event Submitted/Written: 04/21/2008 10:19:10 AM
Event ID/Source: 5 / Norton AntiVirus
Event Description:
Virus Found!Virus name: Trojan.Vundo in File: C:\System Volume Information\_restore{E7B4C8DE-9EE6-42D2-8C2D-0237ADBAA694}\RP1136\A0072974.dll by: Realtime Protection scan. Action: Quarantine succeeded : Access denied
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type20882 / Warning
Event Submitted/Written: 04/22/2008 03:12:16 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Event Record #/Type20878 / Error
Event Submitted/Written: 04/21/2008 02:25:26 PM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\MFC80U.DLL.
Reference error message: The operation completed successfully.
.
Event Record #/Type20877 / Error
Event Submitted/Written: 04/21/2008 02:25:26 PM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.
Event Record #/Type20876 / Error
Event Submitted/Written: 04/21/2008 02:25:26 PM
Event ID/Source: 32 / SideBySide
Event Description:
Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
Event Record #/Type20875 / Error
Event Submitted/Written: 04/21/2008 02:25:26 PM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\MFC80U.DLL.
Reference error message: The operation completed successfully.
.
-- End of Deckard's System Scanner: finished at 2008-04-22 07:32:25 ------------
Main.txt
Deckard's System Scanner v20071014.68
Run by winroot on 2008-04-22 07:30:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
6: 2008-04-22 14:30:28 UTC - RP1143 - Deckard's System Scanner Restore Point
5: 2008-04-21 19:19:34 UTC - RP1142 - Installed Java™ 6 Update 5
4: 2008-04-21 19:07:46 UTC - RP1141 - Removed Java™ 6 Update 5
3: 2008-04-21 19:06:51 UTC - RP1140 - Removed Java™ 6 Update 3
2: 2008-04-21 19:05:45 UTC - RP1139 - Removed Java™ 6 Update 2
-- First Restore Point --
1: 2008-04-21 19:04:33 UTC - RP1138 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as winroot.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:31:15 AM, on 4/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\PC Registry Cleaner\PCRegistryCleaner.exe
C:\Documents and Settings\winroot\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\winroot.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [MoneyInsights] "C:\Program Files\Microsoft Money Plus\MNYCoreFiles\mnyinsit.exe"
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Installer) - https://ra.qwest.com...ad/tgctlins.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {CF4A2C45-CB89-4018-94BB-C2CACB83A537} (XancamX Camera Control) - https://homesight.xa...ice/xancamx.ocx
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe (file missing)
--
End of file - 5939 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080410-162930-403 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
backup-20080411-084243-571 O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe (file missing)
backup-20080411-084312-182 O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
-- File Associations -----------------------------------------------------------
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
S3 catchme - c:\docume~1\winroot\locals~1\temp\catchme.sys (file missing)
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 Winachcf - c:\windows\system32\drivers\winachcf.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S2 winvnc (VNC Server) - "c:\program files\tightvnc\winvnc.exe" -service (file missing)
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-04-22 07:19:04 366 --a------ C:\WINDOWS\Tasks\XoftSpySE.job
2008-04-22 02:25:00 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-04-22 02:15:00 446 --a------ C:\WINDOWS\Tasks\SpyHunter Scanner.job
2008-04-21 17:00:03 452 --a------ C:\WINDOWS\Tasks\XoftSpySE 2.job
-- Files created between 2008-03-22 and 2008-04-22 -----------------------------
2008-04-21 13:28:03 21312 --a------ C:\WINDOWS\choice.exe
2008-04-21 12:35:12 0 d-------- C:\ie-spyad
2008-04-21 12:20:54 0 d-------- C:\Program Files\Java
2008-04-21 12:19:40 0 d-------- C:\Program Files\Common Files\Java
2008-04-21 12:17:34 0 d-------- C:\Program Files\SDM
2008-04-21 09:50:00 0 d-------- C:\Documents and Settings\winroot\Application Data\Malwarebytes
2008-04-21 09:49:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-21 09:49:52 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-11 15:05:49 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-11 15:05:38 0 d-------- C:\Documents and Settings\winroot\Application Data\Mozilla
2008-04-11 12:27:47 0 d-------- C:\WINDOWS\resources
2008-04-11 12:20:54 2200 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-11 10:00:31 0 d-------- C:\Program Files\XoftSpySE
2008-04-11 07:43:55 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-04-10 14:22:50 0 d-------- C:\Program Files\Enigma Software Group
2008-04-10 14:01:29 0 d-------- C:\Program Files\Trend Micro
2008-04-10 13:09:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-10 09:55:15 0 d-------- C:\Program Files\Windows Defender
2008-04-09 15:56:53 0 d-------- C:\Program Files\PC Registry Cleaner
2008-04-09 15:40:51 0 d-------- C:\WINDOWS\pss
2008-04-09 14:04:32 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-04-09 14:03:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-09 14:02:40 0 d-------- C:\Program Files\Yahoo!
2008-04-09 12:34:51 8388608 --a------ C:\Documents and Settings\winroot\ntuser.dat
2008-04-09 12:34:50 237568 --a------ C:\Documents and Settings\LocalService\ntuser.dat
-- Find3M Report ---------------------------------------------------------------
2008-04-21 12:19:40 0 d-------- C:\Program Files\Common Files
2008-04-14 20:02:41 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-11 16:28:28 0 d-------- C:\Documents and Settings\winroot\Application Data\Adobe
2008-03-24 12:34:08 0 d-------- C:\Program Files\Microsoft Money Plus
2008-03-05 09:06:06 0 d-------- C:\Program Files\Clever Age
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [01/23/2003 03:17 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/23/2003 03:05 AM]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [05/20/2003 10:21 PM]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [01/11/2008 07:54 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyInsights"="C:\Program Files\Microsoft Money Plus\MNYCoreFiles\mnyinsit.exe" [02/19/2008 10:07 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
-- End of Deckard's System Scanner: finished at 2008-04-22 07:32:25 ------------
extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Celeron® CPU 2.40GHz
Percentage of Memory in Use: 24%
Physical Memory (total/avail): 2039.48 MiB / 1540.78 MiB
Pagefile Memory (total/avail): 2070.16 MiB / 1782.88 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.88 MiB
C: is Fixed (NTFS) - 37.27 GiB total, 27.63 GiB free.
D: is CDROM (No Media)
Z: is Network (NTFS)
\\.\PHYSICALDRIVE0 - ST340015A - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.27 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AntivirusOverride is set.
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\winroot\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HPREAROFFICE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\winroot
LOGONSERVER=\\HPREAROFFICE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\SecureCRT
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\winroot\LOCALS~1\Temp
TMP=C:\DOCUME~1\winroot\LOCALS~1\Temp
USERDOMAIN=HPREAROFFICE
USERNAME=winroot
USERPROFILE=C:\Documents and Settings\winroot
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI
-- User Profiles ---------------------------------------------------------------
winroot (admin)
Administrator (new local, admin)
-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACT! --> C:\WINDOWS\IsUninstAct.exe -f"C:\Program Files\ACT\Uninst6.isu" -c"C:\Program Files\ACT\UNINSTAL.DLL"
Adobe Acrobat 8.1.2 Professional --> msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
ClientTools --> MsiExec.exe /I{AD19537C-20BC-4813-A388-DDD6ACA88479}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Exporter for ACT! (4-6) --> C:\PROGRA~1\Exporter\UNWISE.EXE C:\PROGRA~1\Exporter\INSTALL.LOG
Hello (remove only) --> "C:\Program Files\Hello\Uninstall.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp instant support --> C:\PROGRA~1\HEWLET~1\hpis\Uninstall.exe CeS
hp print screen utility --> C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LiveUpdate 1.80 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Money Plus --> "C:\Program Files\Microsoft Money Plus\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Money Shared Libraries --> MsiExec.exe /X{7F1B3341-A94E-4F5C-B587-CA0EB964221E}
Microsoft Office 2003 Primary Interop Assemblies --> MsiExec.exe /X{91490409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visio Viewer 2002 --> MsiExec.exe /I{94F9723E-900A-43C5-8F4E-AD2D2ED09273}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
ODF Add-in for Microsoft Word --> MsiExec.exe /I{8D774B5B-A1D9-45B3-AFB4-3F85604961BC}
Online Testing Web Client --> C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
PC Registry Cleaner --> MsiExec.exe /X{610E6187-2D1F-4B80-BC9F-B13D8585415A}
RESUMate 10 --> C:\PROGRA~1\RESUMA~1\UnInstall.EXE C:\PROGRA~1\RESUMA~1\INSTALL.LOG
RESUMate Repair+ v7.3 --> C:\PROGRA~1\RESUMA~1\UNWISE.EXE C:\PROGRA~1\RESUMA~1\INSTALL.LOG
Send Personally --> MsiExec.exe /I{27525601-6772-407E-89C5-B58F492A5166}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.EXE"
Sun™ Download Manager 1.3 --> C:\Program Files\SDM\Uninstall.exe
Symantec AntiVirus Client --> MsiExec.exe /X{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Wisdom-soft ScreenHunter 4.0 Free --> C:\PROGRA~1\WISDOM~1\UNWISE.EXE C:\PROGRA~1\WISDOM~1\INSTALL.LOG
XoftSpySE --> C:\Program Files\XoftSpySE\uninstall.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type9094 / Warning
Event Submitted/Written: 04/21/2008 01:33:07 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'
Event Record #/Type9093 / Warning
Event Submitted/Written: 04/21/2008 01:33:07 PM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.
Event Record #/Type9087 / Warning
Event Submitted/Written: 04/21/2008 00:48:12 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'
Event Record #/Type9086 / Warning
Event Submitted/Written: 04/21/2008 00:48:12 PM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.
Event Record #/Type9078 / Error
Event Submitted/Written: 04/21/2008 10:19:10 AM
Event ID/Source: 5 / Norton AntiVirus
Event Description:
Virus Found!Virus name: Trojan.Vundo in File: C:\System Volume Information\_restore{E7B4C8DE-9EE6-42D2-8C2D-0237ADBAA694}\RP1136\A0072974.dll by: Realtime Protection scan. Action: Quarantine succeeded : Access denied
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type20882 / Warning
Event Submitted/Written: 04/22/2008 03:12:16 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Event Record #/Type20878 / Error
Event Submitted/Written: 04/21/2008 02:25:26 PM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\MFC80U.DLL.
Reference error message: The operation completed successfully.
.
Event Record #/Type20877 / Error
Event Submitted/Written: 04/21/2008 02:25:26 PM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.
Event Record #/Type20876 / Error
Event Submitted/Written: 04/21/2008 02:25:26 PM
Event ID/Source: 32 / SideBySide
Event Description:
Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
Event Record #/Type20875 / Error
Event Submitted/Written: 04/21/2008 02:25:26 PM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\MFC80U.DLL.
Reference error message: The operation completed successfully.
.
-- End of Deckard's System Scanner: finished at 2008-04-22 07:32:25 ------------
#19
Posted 22 April 2008 - 08:47 AM
Rorschach112
-
- Retired Staff
-
- 47,710 posts
Ralphie
Perfect, looks good
* I notice that you have no anti-virus program on your PC, this is extremely dangerous and leaves your PC open to vulnerabilities, so please download and install one of the following programs :
AVG makes an excellent free antivirus client, as do AntiVir or avast!.
Then tell me how your PC is running
* I notice that you have no anti-virus program on your PC, this is extremely dangerous and leaves your PC open to vulnerabilities, so please download and install one of the following programs :
AVG makes an excellent free antivirus client, as do AntiVir or avast!.
Then tell me how your PC is running
#20
Posted 27 April 2008 - 05:35 AM
Rorschach112
-
- Retired Staff
-
- 47,710 posts
Ralphie
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. 
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
