Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

help! my computer apprears to be the equivelant of a digital typho


  • This topic is locked This topic is locked

#16
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

Advertisements


#17
sonicreducer

sonicreducer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Deckard's System Scanner v20071014.68
Run by steve on 2008-04-29 23:52:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as steve.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:52:26, on 29/04/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Users\steve\Desktop\dss.exe
C:\Users\steve\DOWNLO~1\VIRUS_~1\steve.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfr..._instmodule.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\PROGRA~1\ALIENG~1\VistaSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7900 bytes

-- Files created between 2008-03-29 and 2008-04-29 -----------------------------

2008-04-29 18:53:04 0 d-------- C:\Users\All Users\Malwarebytes
2008-04-29 18:53:03 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-29 00:41:29 0 d-------- C:\Users\steve\aircon faults
2008-04-27 13:29:05 1776621 --a------ C:\Users\steve\ComboFix.exe
2008-04-27 12:20:53 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-04-27 12:20:51 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-04-27 00:29:12 0 d-------- C:\Program Files\MagicISO
2008-04-27 00:16:50 335 --a------ C:\Windows\nsreg.dat
2008-04-27 00:16:06 118784 --a------ C:\Windows\GREUninstall.exe
2008-04-27 00:16:00 8618 --a------ C:\Windows\mozver.dat
2008-04-26 23:27:40 0 d-------- C:\Program Files\EwisoftWeb
2008-04-26 20:25:22 216127484 --a------ C:\BackupRegistry(20080426)cleaner.reg
2008-04-26 19:55:35 216278948 --a------ C:\BackupRegistry(20080426).reg
2008-04-26 19:45:22 0 d-------- C:\Program Files\Yamicsoft
2008-04-26 19:42:25 0 d-------- C:\Windows\TweakVI
2008-04-26 16:10:33 0 d-------- C:\Users\steve\my letters
2008-04-26 16:10:24 0 d-------- C:\Users\steve\New Folder(547)
2008-04-26 14:48:17 0 d-------- C:\Users\All Users\TuneUp Software
2008-04-26 14:47:54 0 d-------- C:\Program Files\TuneUp Utilities 2007
2008-04-26 13:06:39 0 d-------- C:\Program Files\NeoSmart Technologies
2008-04-26 03:46:24 0 d-------- C:\Program Files\Wise Registry Cleaner 3
2008-04-26 00:35:44 68096 --a------ C:\Windows\zip.exe
2008-04-26 00:35:44 49152 --a------ C:\Windows\VFind.exe
2008-04-26 00:35:44 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-26 00:35:44 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-26 00:35:44 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-26 00:35:44 98816 --a------ C:\Windows\sed.exe
2008-04-26 00:35:44 80412 --a------ C:\Windows\grep.exe
2008-04-26 00:35:44 73728 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-25 22:41:19 24576 --a------ C:\Windows\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2008-04-25 21:32:04 21312 --a------ C:\Windows\choice.exe
2008-04-25 20:30:49 0 d-------- C:\Program Files\Common Files\Stardock
2008-04-25 20:30:49 0 d-------- C:\Program Files\AlienGUIse
2008-04-25 16:35:06 0 d-------- C:\Users\steve\.SunDownloadManager
2008-04-25 00:30:50 0 d-------- C:\Program Files\Effective Studios
2008-04-24 18:42:26 0 d-------- C:\PerfLogs
2008-04-23 19:07:53 0 d--h----- C:\Windows\Content.IE5
2008-04-23 18:26:11 53248 --a------ C:\Windows\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-23 18:26:11 51200 --a------ C:\Windows\system32\dumphive.exe
2008-04-23 03:18:17 0 d-------- C:\Program Files\BillP Studios
2008-04-23 01:50:37 0 d-------- C:\Program Files\Alwil Software
2008-04-23 00:59:57 0 d-------- C:\Program Files\Spyware Doctor
2008-04-23 00:31:19 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-22 23:35:12 0 d--h----- C:\Windows\PIF
2008-04-22 23:24:06 0 d-------- C:\Users\All Users\Avira
2008-04-22 23:00:58 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-04-22 21:52:11 134144 -ra------ C:\Windows\system32\sfxbar.dll <Not Verified; Software FX, Inc.; Software FX, Inc.>
2008-04-22 21:52:10 552960 -ra------ C:\Windows\system32\cfx4032.dll <Not Verified; Software FX, Inc.; Chart FX Client Server>
2008-04-22 21:51:58 18432 -ra------ C:\Windows\system32\commsc32.dll <Not Verified; Willies Computer Software Co.(WCSC); COMM-DRV>
2008-04-22 21:51:57 39424 -ra------ C:\Windows\system32\cdrvxf32.dll <Not Verified; Willies Computer Software Co.(WCSC); COMM-DRV>
2008-04-22 21:51:56 31744 -ra------ C:\Windows\system32\cdrvhf32.dll <Not Verified; Willies Computer Software Co.(WCSC); COMM-DRV>
2008-04-22 21:51:56 28672 -ra------ C:\Windows\system32\cdrvdl32.dll <Not Verified; Willies Computer Software Co.(WCSC); COMM-DRV>
2008-04-22 21:51:52 0 d-------- C:\Program Files\WildPackets
2008-04-22 21:51:52 0 d-------- C:\Program Files\Common Files\WildPackets
2008-04-22 21:50:44 0 d-------- C:\Windows\system32\URTTEMP
2008-04-22 21:22:51 0 d-------- C:\Users\All Users\obavspsh
2008-04-22 20:08:01 0 d-------- C:\Users\All Users\PassMark
2008-04-22 20:07:57 0 d-------- C:\Program Files\WirelessMon
2008-04-21 04:30:16 0 d-------- C:\Users\steve\.terminfo
2008-04-21 04:30:16 0 d-------- C:\Program Files\Kismet
2008-04-21 04:23:08 0 d-------- C:\Program Files\CACE Technologies
2008-04-21 01:40:28 0 d-------- C:\Program Files\Cain
2008-04-21 00:51:31 0 d-------- C:\Program Files\WinPcap
2008-04-21 00:51:06 0 d-------- C:\Program Files\Wireshark
2008-04-21 00:24:41 0 d-------- C:\BT3
2008-04-20 22:56:03 0 -rahs---- C:\MSDOS.SYS
2008-04-20 22:56:03 0 -rahs---- C:\IO.SYS
2008-04-20 13:09:46 0 d-------- C:\Windows\uninstall
2008-04-19 15:10:43 0 d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-04-19 14:39:25 0 d-------- C:\Users\All Users\avg8
2008-04-18 20:48:22 0 d-------- C:\Program Files\Easy Video Joiner
2008-04-17 20:21:52 0 d-------- C:\Program Files\DOCSIS Configurator
2008-04-16 18:28:29 0 d-------- C:\Program Files\Vidalia Bundle
2008-04-12 22:17:09 0 d-------- C:\Program Files\MyXOFT
2008-04-11 22:23:56 0 d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-04-11 22:11:28 0 d-------- C:\Program Files\Vstplugins
2008-04-11 22:10:54 0 d-------- C:\Program Files\Sony
2008-04-11 22:10:07 0 d-------- C:\Program Files\Sony Setup
2008-04-05 18:55:29 0 d-------- C:\video
2008-04-05 17:51:09 0 d-------- C:\DVD_VIDEO
2008-04-03 23:10:28 0 d-------- C:\Program Files\CCleaner
2008-03-31 17:10:04 0 d-------- C:\Windows\Sun
2008-03-31 17:03:58 0 d-------- C:\Program Files\CFWebAdvancedU
2008-03-31 16:32:03 0 d-------- C:\Program Files\PeerGuardian2


-- Find3M Report ---------------------------------------------------------------

2008-04-29 22:38:47 0 d-------- C:\Users\steve\AppData\Roaming\uTorrent
2008-04-29 21:02:10 77371 --a------ C:\Users\steve\AppData\Roaming\nvModes.001
2008-04-29 21:00:58 12 --a------ C:\Windows\bthservsdp.dat
2008-04-29 18:53:22 0 d-------- C:\Users\steve\AppData\Roaming\Malwarebytes
2008-04-27 23:51:03 77371 --a------ C:\Users\steve\AppData\Roaming\nvModes.dat
2008-04-27 03:59:13 0 d-------- C:\Users\steve\AppData\Roaming\WinPatrol
2008-04-27 03:59:08 0 d-------- C:\Users\steve\AppData\Roaming\dvdcss
2008-04-27 03:59:08 0 d-------- C:\Users\steve\AppData\Roaming\Audacity
2008-04-27 00:34:46 0 d-------- C:\Users\steve\AppData\Roaming\KompoZer
2008-04-27 00:16:50 0 d-------- C:\Users\steve\AppData\Roaming\Mozilla
2008-04-27 00:15:49 0 d-------- C:\Program Files\Common Files
2008-04-26 14:48:28 0 d-------- C:\Users\steve\AppData\Roaming\TuneUp Software
2008-04-26 03:05:31 0 d-------- C:\Program Files\Java
2008-04-24 18:54:05 174 --ahs---- C:\Program Files\desktop.ini
2008-04-24 18:43:29 0 d-------- C:\Program Files\Windows Sidebar
2008-04-24 18:43:29 0 d-------- C:\Program Files\Windows Mail
2008-04-24 18:43:29 0 d-------- C:\Program Files\Windows Journal
2008-04-24 18:43:29 0 d-------- C:\Program Files\Windows Collaboration
2008-04-24 18:43:29 0 d-------- C:\Program Files\Windows Calendar
2008-04-24 18:43:29 0 d-------- C:\Program Files\Movie Maker
2008-04-24 18:43:28 0 d-------- C:\Program Files\Windows Photo Gallery
2008-04-24 18:43:27 0 d-------- C:\Program Files\Windows Defender
2008-04-23 21:36:15 0 d-------- C:\Program Files\ImTOO
2008-04-23 18:54:00 35 --a------ C:\Users\steve\AppData\Roaming\SetValue.bat
2008-04-23 18:54:00 691 --a------ C:\Users\steve\AppData\Roaming\GetValue.vbs
2008-04-23 03:51:39 0 d-------- C:\Program Files\CONEXANT
2008-04-23 02:18:51 0 d-------- C:\Users\steve\AppData\Roaming\SUPERAntiSpyware.com
2008-04-23 00:59:57 0 d-------- C:\Users\steve\AppData\Roaming\PC Tools
2008-04-22 21:52:42 0 d-------- C:\Users\steve\AppData\Roaming\WildPackets
2008-04-22 21:51:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-21 00:59:10 0 d-------- C:\Users\steve\AppData\Roaming\Wireshark
2008-04-14 00:53:27 0 d-------- C:\Users\steve\AppData\Roaming\Sony
2008-04-14 00:52:17 0 d-------- C:\Users\steve\AppData\Roaming\Publish Providers
2008-04-14 00:52:17 0 d-------- C:\Users\steve\AppData\Roaming\NetMedia Providers
2008-04-11 22:03:01 0 d-------- C:\Users\steve\AppData\Roaming\AccurateRip
2008-04-02 23:03:31 0 d-------- C:\Users\steve\AppData\Roaming\Media Player Classic
2008-04-01 00:59:57 0 d-------- C:\Users\steve\AppData\Roaming\Adobe
2008-03-31 16:45:42 0 d-------- C:\Users\steve\AppData\Roaming\CamfrogWEB
2008-03-31 00:53:55 0 d-------- C:\Users\steve\AppData\Roaming\Template
2008-03-23 02:48:44 0 d-------- C:\Program Files\Common Files\snpstd3
2008-03-23 02:45:42 0 d-------- C:\Program Files\Mingjong
2008-03-23 02:44:27 0 d-------- C:\Program Files\camtool
2008-03-22 05:47:30 0 d-------- C:\Program Files\Online Services
2008-03-22 05:08:40 0 d-------- C:\Users\steve\AppData\Roaming\muvee Technologies
2008-03-22 04:57:03 0 d-------- C:\Users\steve\AppData\Roaming\ESTsoft
2008-03-22 04:57:03 0 d-------- C:\Program Files\ESTsoft
2008-03-22 04:55:10 26340 --a------ C:\Users\steve\AppData\Roaming\UserTile.png
2008-03-22 04:55:10 0 d-------- C:\Users\steve\AppData\Roaming\PeerNetworking
2008-03-22 04:38:29 0 d-------- C:\Users\steve\AppData\Roaming\gtk-2.0
2008-03-22 04:31:07 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-03-22 02:59:53 0 d-------- C:\Program Files\WinAVIVideoConverter
2008-03-22 00:19:49 0 d-------- C:\Program Files\SlySoft
2008-03-22 00:16:39 0 d-------- C:\Users\steve\AppData\Roaming\SlySoft
2008-03-21 23:23:09 0 d-------- C:\Program Files\DVD Decrypter
2008-03-21 23:22:40 0 d-------- C:\Program Files\DVD Shrink
2008-03-21 23:14:30 0 d-------- C:\Program Files\uTorrent
2008-03-21 23:04:44 0 d-------- C:\Users\steve\AppData\Roaming\Google
2008-03-21 00:59:20 0 d-------- C:\Users\steve\AppData\Roaming\Roxio
2008-03-14 21:28:54 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-09 21:29:02 0 d-------- C:\Program Files\Lionhead Studios
2008-03-09 17:56:26 0 d-------- C:\Users\steve\AppData\Roaming\Atari
2008-03-09 17:56:13 43520 --a------ C:\Windows\system32\CmdLineExt03.dll
2008-03-09 17:55:58 0 d-------- C:\Users\steve\AppData\Roaming\Leadertech
2008-03-09 17:48:37 0 d-------- C:\Program Files\Atari
2008-03-09 02:48:13 0 d-------- C:\Program Files\AviSynth 2.5
2008-03-09 02:47:44 0 d-------- C:\Program Files\eRightSoft
2008-03-08 18:09:41 0 --a------ C:\Users\steve\AppData\Roaming\wklnhst.dat
2008-03-08 11:22:35 0 d-------- C:\Users\steve\AppData\Roaming\vlc
2008-03-08 11:21:31 0 d-------- C:\Program Files\VideoLAN
2008-03-06 00:07:43 0 d-------- C:\Program Files\Infogrames
2008-03-05 15:47:35 0 d-------- C:\Program Files\The Creative Assembly
2008-03-05 15:47:34 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-03 02:49:22 0 d-------- C:\Users\steve\AppData\Roaming\Corel
2008-03-03 02:35:41 0 d-------- C:\Program Files\Common Files\Protexis
2008-03-03 02:33:33 0 d-------- C:\Program Files\Common Files\Corel
2008-03-03 02:32:47 0 d-------- C:\Program Files\Corel
2008-03-01 08:47:37 0 d-------- C:\Users\steve\AppData\Roaming\CyberLink
2008-03-01 08:47:25 0 d-------- C:\Users\steve\AppData\Roaming\HP
2008-03-01 08:17:54 0 d-------- C:\Users\steve\AppData\Roaming\Identities
2008-03-01 08:16:05 0 d-------- C:\Program Files\WIDCOMM
2008-03-01 08:10:49 0 d-------- C:\Users\steve\AppData\Roaming\Macromedia
2008-03-01 08:10:04 0 d-------- C:\Users\steve\AppData\Roaming\Hewlett-Packard
2008-03-01 08:07:49 81 --a------ C:\Windows\system32\LOG


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
26/04/2008 19:08 34816 --a------ C:\Program Files\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [11/03/2007 12:21]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [12/02/2007 15:37]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [24/04/2007 02:11]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [12/03/2007 19:54]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [17/02/2005 07:11]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [26/04/2008 19:10]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [29/03/2008 18:37]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [27/01/2008 06:38]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [29/04/2007 11:05]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [29/04/2007 11:05]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [29/04/2007 11:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [19/01/2008 08:33]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [11/08/2005 16:30]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [19/01/2008 08:33]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [19/01/2008 08:33]

C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/27/2006 4:24:54 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [12/20/2006 1:27:40 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"PromptOnSecureDesktop"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-04-29 23:54:05 ------------
  • 0

#18
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean ! We need to do a few things

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Posted Image




  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
  • Click Yes to beging the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0

#19
sonicreducer

sonicreducer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
its only bringing up the one text file!?
  • 0

#20
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
No need to worry

Follow the instructions in my previous post
  • 0

#21
sonicreducer

sonicreducer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
howdy do!

firstly........

Quote "Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. "

couldn't agree more, even more to the point. i wish i was much better with linux, and wish linux had better support for the home user (lindows nearly managed it!). VISTA is the flakiest version of windows upon first release i have ever had the misfortune to use. i used to be a dab hand at shifting malware but it sems as windows get more intensive so does the malware muppets code.

i'll run kapersky online scanner, i wish i'd got kapersky instead of avast its much keener, but my lass would get confused by kaperskys interface. Whilst im here i'm interested in helpin out here but wouldn't mind knowing how much time i need to dedicate, (i already do a bit of scam baiting, lol!).
  • 0

#22
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
No need to run Kaspersky Webscanner, your PC is clean

It takes a big commitment here to do the training, it is worth it though

Let me know those steps go
  • 0

#23
sonicreducer

sonicreducer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
will do dude, gonna fill the form in. between work, the kids, my lass and the band i'm sure i can spare some time :) to a worthwhile cause. Also good with hardware and encoding so i may as well lend a hand as i already have a reasonable amount of knowledge (thats a bit rusty) on the reg side although as you've found i'll play dumb to help. That way I DONT KNOW BETTER and dont interfere in the process to rectify the wrongs. Incidentally i know how i ended up in this mess, and its embarasing!!! i left the firewall off after shifting malware! d'oh!

Anyhoo i'll dissapear and thanks very much for your continued help, support and patience!

i'll kep you informed of my progress :).
  • 0

#24
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP