
Please Help. Not sure of Infection type



#1
schplurg

schplurg

    New Member

  • Member
  • 6 posts
My symptoms seem identical to the ones in this thread (task manager and regedit disabled, wallpaper changed to a phony Spyware "link", etc):


Thread

I followed the instructions in that thread... downloaded the files needed and used them. However, at one point the person helping has the poster create a script file of some kind.

Anyways, I guess I need some feedback on how to complete the removal of this problem.

I will post my HijackThis file and hope that somebody out there can help me :) I am currently in Safe Mode since booting normally allows an endless stream of Spybot Reg Change allow/disallow popups.
--------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:03:50 PM, on 4/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {DE437AD9-45B3-4F10-A84C-63317AF2751D} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Pop-Up Stopper] "D:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TaskPlus] C:\Program Files\TaskPlus\taskplus0.exe
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [542e6ae7] rundll32.exe "C:\WINDOWS\system32\onkabmqh.dll",b
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
O4 - Global Startup: Alarm Manager.LNK = C:\Program Files\palm desktop\AlarmApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5928 bytes

Thank you for any help at all :)
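One way a helper triages a log like the one above, as an added example that is not code from the thread or from HijackThis: a Python script that flags the orphaned O2 BHO, the O4 autorun whose value name is a hex string and which loads a DLL through rundll32 with a one-letter export, and any O7 policy restriction. The heuristics, the function names and the sample excerpt (taken from the log posted above) are this example's own assumptions, and a hit is a reason to look closer, not a verdict.

```python
"""Triage a HijackThis 2.x log for the entries a malware-removal helper looks at first.

Added example: the heuristics below are ours and only cover the O2, O4 and O7
sections that appear in the log posted in this thread.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Generic HJT line: "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
# O4 body: hive, Run/RunOnce key, value name in brackets, then the command line
O4_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# Value names made only of hex digits (at least one digit, 8+ chars), e.g. 542e6ae7
HEX_NAME_RE = re.compile(r"^(?=.*\d)[0-9a-f]{8,}$", re.I)
# rundll32 <dll>,<export>: capture the DLL and the export name after the comma
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+)"?,\s*([A-Za-z0-9_]+)', re.I)


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def o4_reasons(name: str, cmd: str) -> list[str]:
    """Return why an O4 autorun value looks suspicious (empty list if it does not)."""
    reasons: list[str] = []
    if HEX_NAME_RE.match(name):
        reasons.append("value name is a random-looking hex string")
    m = RUNDLL_RE.search(cmd)
    if m and len(m.group(2)) == 1:
        # Legitimate rundll32 entries name a real export (NvCplDaemon, Control_RunDLL, ...)
        reasons.append(f"rundll32 calls one-letter export '{m.group(2)}' in {m.group(1)}")
    return reasons


def triage_hjt(log: str) -> list[Finding]:
    """Walk a HijackThis log and collect the entries worth a helper's attention."""
    findings: list[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, process list, blank lines
        sec, body = m.group("sec"), m.group("body")
        if sec == "O2" and body.endswith("(no file)"):
            findings.append(Finding(sec, "BHO CLSID registered but its DLL is gone (orphan)", line))
        elif sec == "O4":
            o4 = O4_RE.match(body)
            if o4:
                reasons = o4_reasons(o4.group("name"), o4.group("cmd"))
                if reasons:
                    findings.append(Finding(sec, "; ".join(reasons), line))
        elif sec == "O7":
            findings.append(Finding(sec, "policy restriction set (matches the disabled-regedit symptom)", line))
    return findings


# Sample input: an excerpt of the log posted in this thread (benign lines kept as controls).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: (no name) - {DE437AD9-45B3-4F10-A84C-63317AF2751D} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [542e6ae7] rundll32.exe "C:\WINDOWS\system32\onkabmqh.dll",b
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```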


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello schplurg

Welcome to G2Go. :)
=====================
Try to run the below in Normal Mode.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3
schplurg

schplurg

    New Member

  • Topic Starter
  • Member
  • 6 posts
Thanks for the quick response. Wow!!!

As requested...

main.txt...

Deckard's System Scanner v20071014.68
Run by mike on 2008-04-27 18:15:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
28: 2008-04-28 01:16:03 UTC - RP258 - Deckard's System Scanner Restore Point
27: 2008-04-27 23:07:01 UTC - RP257 - Last known good configuration
26: 2008-04-27 23:07:01 UTC - RP256 - Installed Comic Collector Live
25: 2008-04-27 23:07:00 UTC - RP255 - System Checkpoint
24: 2008-04-27 23:07:00 UTC - RP254 - System Checkpoint


-- First Restore Point --
1: 2008-04-27 23:06:57 UTC - RP231 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as mike.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:17:03 PM, on 4/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Spybot\TeaTimer.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\MALWARESTUFF\dss.exe
C:\PROGRA~1\HIJACK~1\mike.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///f:/Inetpub/wwwroot/mike/links.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {DE437AD9-45B3-4F10-A84C-63317AF2751D} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Pop-Up Stopper] "D:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TaskPlus] C:\Program Files\TaskPlus\taskplus0.exe
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [542e6ae7] rundll32.exe "C:\WINDOWS\system32\onkabmqh.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Wrist-Saver] C:\Games\GameMakernew\Source\carpaltask\wrist-saver.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Alarm Manager.LNK = C:\Program Files\palm desktop\AlarmApp.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8427 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 A5AGU (D-Link USB Wireless Network Adapter Service) - c:\windows\system32\drivers\a5agu.sys <Not Verified; D-Link Corporation; D-Link Wireless USB Network Adapter>
S3 AR5523 (NETGEAR WG111T USB2.0 Wireless Card Service) - c:\windows\system32\drivers\wg11tnd5.sys (file missing)
S3 ATHFMWDL (D-Link predator Bootloader driver) - c:\windows\system32\drivers\athfmwdl.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
S3 catchme - c:\combofix\catchme.sys (file missing)
S3 DNINDIS5 (DNINDIS5 NDIS Protocol Driver) - c:\windows\system32\dnindis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 EU3_USB (WLAN miniUSB Adapter Driver) - c:\windows\system32\drivers\eu3usb.sys (file missing)
S3 WNCPKT (WNCPKT Protocol Driver) - c:\windows\system32\drivers\wncpkt.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 bgsvcgen (B's Recorder GOLD Library General Service) - "c:\windows\system32\bgsvcgen.exe" <Not Verified; B.H.A Corporation; B's Recorder GOLD9>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-03-27 and 2008-04-27 -----------------------------

2008-04-27 18:11:39 0 d-------- C:\MALWARESTUFF
2008-04-27 18:09:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-04-27 18:08:48 0 d-------- C:\Documents and Settings\Administrator\Application Data\Thunderbird
2008-04-27 17:08:41 0 d-------- C:\Documents and Settings\mike\Application Data\Malwarebytes
2008-04-27 16:52:29 3958 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-27 16:52:14 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-27 16:52:14 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-27 16:52:14 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-27 16:52:14 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-27 16:52:14 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-27 16:52:14 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-27 16:52:14 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-27 16:52:14 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-27 16:31:04 0 d-------- C:\cmdcons
2008-04-27 16:29:04 68096 --a------ C:\WINDOWS\zip.exe
2008-04-27 16:29:04 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-27 16:29:04 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-27 16:29:04 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-27 16:29:04 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-27 16:29:04 98816 --a------ C:\WINDOWS\sed.exe
2008-04-27 16:29:04 80412 --a------ C:\WINDOWS\grep.exe
2008-04-27 16:29:04 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-27 14:14:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-04-27 14:13:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-04-27 14:12:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-27 14:12:43 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-27 14:11:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-04-27 14:11:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-27 14:00:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-04-27 13:47:36 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-27 13:47:36 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-04-27 13:47:36 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-27 13:47:36 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-27 13:47:36 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-04-27 13:47:36 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-27 13:47:36 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-04-27 13:47:36 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-27 13:47:36 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-04-27 13:47:36 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-27 13:47:36 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-27 13:47:35 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-27 13:47:35 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-27 13:47:35 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-27 13:47:24 0 d--hs---- C:\WINDOWS\CSC
2008-04-27 01:14:37 0 d-------- C:\WINDOWS\system32\wTMP
2008-04-27 01:14:20 0 d-------- C:\Program Files\Collectorz.com
2008-04-27 01:14:15 0 d-------- C:\WINDOWS\system32\pnVes06
2008-04-27 01:14:14 0 d-------- C:\Temp
2008-04-27 01:13:37 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-04-26 19:56:37 0 d-------- C:\Program Files\Comic Collector Live
2008-04-23 20:32:39 104671 --a------ C:\WINDOWS\system32\AckUtl.dll
2008-04-23 20:32:39 0 d-------- C:\Program Files\GStudio6
2008-04-15 19:44:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-04-15 17:36:11 0 d-------- C:\Documents and Settings\mike\Application Data\WinRAR
2008-04-14 20:01:50 0 d-------- C:\Program Files\Common Files\Bcgsoft
2008-04-14 19:58:10 0 d-------- C:\Program Files\FPS Creator
2008-04-14 19:56:04 96256 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
2008-04-14 19:56:03 0 d-------- C:\Program Files\MagicDisc


-- Find3M Report ---------------------------------------------------------------

2008-04-27 18:15:19 0 d-------- C:\Documents and Settings\mike\Application Data\Skype
2008-04-27 18:09:20 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-04-27 14:14:46 129 --a------ C:\Program Files\Task manager disabled, pop ups, wallpaper changed [RESOLVED] - Geeks to Go!.URL
2008-04-27 03:15:26 0 d-------- C:\Documents and Settings\mike\Application Data\uTorrent
2008-04-27 00:51:44 0 d-------- C:\Documents and Settings\mike\Application Data\Vso
2008-04-26 21:35:15 0 d-------- C:\Documents and Settings\mike\Application Data\OpenOffice.org2
2008-04-23 20:21:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-17 09:25:09 0 d-------- C:\Program Files\uTorrent
2008-04-14 20:01:50 0 d-------- C:\Program Files\Common Files
2008-04-09 20:10:24 0 d-------- C:\Program Files\Trillian Pro
2008-03-29 19:06:30 0 d-------- C:\Program Files\WinCHM
2008-03-25 17:24:38 0 d-------- C:\Program Files\FLV To AVI Converter - Pazera
2008-03-24 23:49:07 0 d-------- C:\Program Files\Common Files\WinCHM
2008-03-24 23:48:43 0 d-------- C:\Program Files\Help Creator
2008-03-24 23:48:24 0 d-------- C:\Documents and Settings\mike\Application Data\Azureus
2008-03-24 22:56:22 0 d-------- C:\Documents and Settings\mike\Application Data\Help
2008-03-24 19:12:10 0 d-------- C:\Program Files\Common Files\LogiShrd
2008-03-24 19:09:05 0 d-------- C:\Program Files\Logitech
2008-03-23 22:20:10 0 d-------- C:\Program Files\Yahoo!
2008-03-23 18:48:41 0 d-------- C:\Program Files\BitTyrant
2008-03-23 17:09:03 0 d-------- C:\Documents and Settings\mike\Application Data\BitTyrant
2008-03-17 18:04:59 0 d-------- C:\Program Files\Rosetta Stone 3
2008-03-16 16:33:19 0 d-------- C:\Program Files\The Rosetta Stone 3
2008-03-13 18:48:05 0 d-------- C:\Program Files\AVI MPEG RM WMV Joiner
2008-03-11 19:48:27 0 d-------- C:\Documents and Settings\mike\Application Data\Sony
2008-03-09 18:47:25 0 d-------- C:\Documents and Settings\mike\Application Data\Softplicity
2008-03-09 18:10:57 0 d-------- C:\Program Files\VirtualDubMod
2008-03-08 13:50:03 0 d-------- C:\Program Files\TagRename
2008-03-08 13:06:37 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-07 21:00:29 0 d-------- C:\Program Files\DVDlabPro
2008-03-06 22:46:41 0 d-------- C:\Documents and Settings\mike\Application Data\Apple Computer
2008-03-06 22:46:31 0 d-------- C:\Program Files\iTunes
2008-03-06 22:46:22 0 d-------- C:\Program Files\iPod
2008-03-06 22:45:54 0 d-------- C:\Program Files\Bonjour
2008-03-06 22:45:42 0 d-------- C:\Program Files\QuickTime
2008-03-06 22:44:24 0 d-------- C:\Program Files\Apple Software Update
2008-03-06 22:43:59 0 d-------- C:\Program Files\Common Files\Apple
2008-03-01 20:19:25 169 --a------ C:\wallpaper.bat
2008-02-28 21:23:42 0 d-------- C:\Program Files\TagScanner
2008-02-28 20:41:37 0 d-------- C:\Documents and Settings\mike\Application Data\Bytescout SWF To Video Scout
2008-02-27 20:16:19 0 d-------- C:\Documents and Settings\mike\Application Data\Creative


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DE437AD9-45B3-4F10-A84C-63317AF2751D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [05/03/2002 10:06 AM C:\WINDOWS\system32\nwiz.exe]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [03/21/2006 06:30 PM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [09/30/2003 12:14 AM]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [03/21/2006 01:19 PM]
"Pop-Up Stopper"="D:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 06:00 AM]
"!AVG Anti-Spyware"="C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 02:25 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 12:13 AM]
"Logitech Utility"="Logi_MwX.Exe" [12/17/2003 09:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 04:40 PM]
"TaskPlus"="C:\Program Files\TaskPlus\taskplus0.exe" []
"CTCheck"="C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [10/25/2007 01:51 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [10/25/2007 05:33 PM]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [10/25/2007 05:37 PM]
"542e6ae7"="C:\WINDOWS\system32\onkabmqh.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot\TeaTimer.exe" [08/31/2007 04:46 PM]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [06/22/2007 05:45 AM]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [07/17/2007 12:03 PM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [09/13/2007 02:31 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 06:43 PM]
"Wrist-Saver"="C:\Games\GameMakernew\Source\carpaltask\wrist-saver.exe" [03/31/2008 12:46 AM]

C:\Documents and Settings\mike\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [4/14/2008 7:56:03 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Alarm Manager.LNK - C:\Program Files\palm desktop\AlarmApp.exe [4/13/2004 6:03:26 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
AutoRun\command- M:\fpsc_mega.exe




-- End of Deckard's System Scanner: finished at 2008-04-27 18:17:41 ------------





extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 66%
Physical Memory (total/avail): 511.47 MiB / 168.96 MiB
Pagefile Memory (total/avail): 1247.64 MiB / 848.55 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1935.11 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 127.99 GiB total, 73.06 GiB free.
D: is Fixed (NTFS) - 85.05 GiB total, 60.53 GiB free.
E: is Fixed (NTFS) - 85.05 GiB total, 5.49 GiB free.
F: is Fixed (NTFS) - 92.19 GiB total, 3.27 GiB free.
G: is Fixed (NTFS) - 92.19 GiB total, 3.79 GiB free.
H: is Fixed (NTFS) - 49.39 GiB total, 18.72 GiB free.
I: is CDROM (No Media)
J: is CDROM (No Media)
K: is CDROM (No Media)
L: is CDROM (CDFS)

\\.\PHYSICALDRIVE1 - Maxtor 6L250R0 - 233.76 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 92.19 GiB - F:
\PARTITION1 - Extended w/Extended Int 13 - 141.57 GiB - G: - H:

\\.\PHYSICALDRIVE0 - MAXTOR STM3320620A - 298.09 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 127.99 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 170.1 GiB - D: - E:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

AV: avast! antivirus 4.7.1098 [VPS 080107-0] v4.7.1098 (ALWIL Software) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Rosetta Stone 3\\support\\bin\\RosettaStoneLtdServices.exe"="C:\\Program Files\\Rosetta Stone 3\\support\\bin\\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Online Component"
"C:\\Program Files\\Rosetta Stone 3\\RosettaStoneVersion3.exe"="C:\\Program Files\\Rosetta Stone 3\\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Rosetta Stone 3\\RosettaStoneVersion3.exe"="C:\\Program Files\\Rosetta Stone 3\\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"
"C:\\Program Files\\Rosetta Stone 3\\support\\bin\\RosettaStoneLtdServices.exe"="C:\\Program Files\\Rosetta Stone 3\\support\\bin\\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Online Component"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\mike\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MIKEDUDE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\mike
LOGONSERVER=\\MIKEDUDE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\mike\LOCALS~1\Temp
TMP=C:\DOCUME~1\mike\LOCALS~1\Temp
USERDOMAIN=MIKEDUDE
USERNAME=mike
USERPROFILE=C:\Documents and Settings\mike
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

mike (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative Installation Information\CD_RIPPER_UNICODE_2\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\CREATIVE_SYNC_MANAGER_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\CREATIVE_VIDEO_CONVERTER\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\ZEN_MTP_MEDIA_EXPLORER\Setup.exe" /remove /l0x0009
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
3D GameStudio / A6 --> C:\PROGRA~1\GStudio6\UNWISE.EXE C:\PROGRA~1\GStudio6\INSTALL.LOG
Absolute Video Converter 2.9.2 --> "C:\Program Files\Absolute Video Converter\unins000.exe"
Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Illustrator CS2 --> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AMP Font Viewer --> "C:\Program Files\AMP Font Viewer\uninstall.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AVG Anti-Spyware 7.5 --> C:\Program Files\AVG Anti-Spyware 7.5\Uninstall.exe
AVI/MPEG/RM/WMV Joiner 4.81 --> "C:\Program Files\AVI MPEG RM WMV Joiner\unins000.exe"
AVIConverter Vista Compatible --> C:\Program Files\AVIConverter\uninst.exe
BitTyrant --> C:\Program Files\BitTyrant\Uninstall.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Canon MP Navigator 3.0 --> "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP160 --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160 /L0x0009
Canon MP160 User Registration --> C:\Program Files\Canon\IJEREG\MP160\UNINST.EXE
Canon My Printer --> C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CoffeeCup Flash FireStarter --> C:\PROGRA~1\COFFEE~1\COFFEE~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COFFEE~1\INSTALL.LOG
CoffeeCup Flash Photo Gallery - Registered --> C:\PROGRA~1\COFFEE~1\COFFEE~2\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COFFEE~2\INSTALL.LOG
Comic Collector Live --> MsiExec.exe /I{3D164C14-D35F-4D29-BA97-5316D127C21C}
ConvertXtoDVD 2.1.10.209 --> "C:\Program Files\vso\ConvertXtoDVD\unins000.exe"
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B2DBF55-05D4-4072-87D8-689141E262BD}\SETUP.EXE" -l0x9 /remove
CuteFTP 8 Professional --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91F34319-08DE-457A-99C0-0BCDFAC145B9}\Setup.exe" -l0x9
DVD-lab PRO 1.53 --> "C:\Program Files\DVDlabPro\unins000.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVDInfoPro --> MsiExec.exe /I{BDADEF11-F9EC-4A58-A54F-F492052FD779}
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Easy Video Joiner 5.01 --> "C:\Program Files\Easy Video Joiner\unins000.exe"
Easy Video Splitter 1.26 --> "C:\Program Files\Easy Video Splitter\unins000.exe"
Far Cry --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}
FLAC 1.2.1b (remove only) --> C:\Program Files\FLAC\uninstall.exe
Font Xplorer 1.2.2 --> C:\Program Files\Font Xplorer\Uninstall.exe C:\PROGRA~1\FONTXP~1\Install.log
FPS Creator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B91E4360-298A-4306-9E95-9AD91A0952A1}\setup.exe" -l0x9
FPS Creator 1.0.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BC431ED-4689-4767-A612-BC14A00D0145}\Setup.exe" -l0x9
FPS Creator Model Pack - 11 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15014839-85AF-439E-9C3C-A93BB74957B1}\Setup.exe" -l0x9
Framerate Converter HQ 2.03b --> "C:\Program Files\Framerate Converter HQ\Uninstall.exe" "C:\Program Files\Framerate Converter HQ\install.log"
Game Maker 7.0 --> C:\games\Game_Maker7\Uninstal.exe
Hide IP Platinum 2.91 --> "C:\Program Files\Hide IP Platinum\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\HijackThis\HijackThis.exe" /uninstall
IsoBuster 2.2 --> "C:\Program Files\IsoBuster\Uninst\unins000.exe"
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
K-Lite Mega Codec Pack 1.58 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Logitech MouseWare 9.79.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL
Logitech QuickCam --> MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Logitech QuickCam Driver Package --> "C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Magic ISO Maker v5.4 (build 0251) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.6.93 --> C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Media Screen Saver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30BE10BF-28CB-4431-AC9D-AC644D45DC59}\setup.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.6) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.9) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MP3 To Ringtone Gold 5.23 --> "C:\Program Files\mp3 to ringtone\unins000.exe"
Nero 7 Ultra Edition --> MsiExec.exe /I{F14B8ECC-BDA0-4987-9201-D7B7DBE11033}
NETGEAR RangeMax™ Wireless USB 2.0 Adapter WPN111 --> C:\Program Files\InstallShield Installation Information\{582E9125-32B6-4CBA-AB48-3E33CE3DB389}\setup.exe -runfromtemp -l0x0009 -removeonly
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\system32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
OpenOffice.org 2.2 --> MsiExec.exe /I{3CCBC9FF-7F35-4220-B66D-B60E2E7AB4E2}
Palm Desktop --> MsiExec.exe /X{E89D78B8-28F7-412F-8B26-C684739CBBDC}
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Replay Media Catcher --> C:\PROGRA~1\REPLAY~1\UNWISE.EXE C:\PROGRA~1\REPLAY~1\INSTALL.LOG
River Past Audio Converter Pro --> C:\WINDOWS\Audio Converter Pro Uninstaller.exe
Rosetta Stone V3 --> MsiExec.exe /X{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}
ScanSoft OmniPage SE 4.0 --> MsiExec.exe /I{29D851C2-048C-4B5E-8D1F-25D473342BB5}
Sentinel System Driver --> C:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Solid 4.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5752327A-660D-4907-B8F5-D3F39D047F3C}
Sony Noise Reduction Plug-In 2.0h --> MsiExec.exe /X{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}
Sony Sound Forge 9.0 --> MsiExec.exe /X{CCA51496-49D4-4FBF-9866-A2E2F40FAC7A}
Spybot - Search & Destroy --> "C:\Program Files\Spybot\unins000.exe"
SWAT 4 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8} uninstall
Tag&Rename 3.4.5 --> "C:\Program Files\TagRename\unins000.exe"
TagScanner 5.0 build 516 --> "C:\Program Files\TagScanner\unins000.exe"
TMPGEnc 4.0 XPress --> MsiExec.exe /I{AB212B59-FF45-4C18-B369-F630CB268DAF}
TMPGEnc DVD Author 3 with DivX Authoring --> MsiExec.exe /I{8D4942F1-D5EB-40A7-9D7B-07F8ED1B71E9}
Trillian --> C:\Program Files\Trillian Pro\trillian.exe /uninstall
WinAVI VideoConverter --> "C:\Program Files\WinAVI VideoConverter\unins000.exe"
WinAVIVideoConverter --> "C:\Program Files\WinAVIVideoConverter7\unins000.exe"
WinCHM 3.41 --> "C:\Program Files\WinCHM\unins000.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Wood Wizard --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6F1543A5-D822-48F4-B05E-07CD4E2357E9}
Worms2 --> C:\WINDOWS\IsUninst.exe -fC:\games\Worms2\Uninst.isu
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type1112 / Error
Event Submitted/Written: 04/27/2008 06:15:30 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

Event Record #/Type1111 / Error
Event Submitted/Written: 04/27/2008 06:15:25 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application yahoomessenger.exe, version 8.1.0.421, faulting module unknown, version 0.0.0.0, fault address 0x0000000c.
Processing media-specific event for [yahoomessenger.exe!ws!]

Event Record #/Type1109 / Warning
Event Submitted/Written: 04/27/2008 06:14:24 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam' failed during request for component '{3BBB8098-03C8-48DC-AA83-9B2159E12E0D}'

Event Record #/Type1108 / Warning
Event Submitted/Written: 04/27/2008 06:14:24 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey' does not exist.

Event Record #/Type1107 / Warning
Event Submitted/Written: 04/27/2008 06:14:24 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam' failed during request for component '{3BBB8098-03C8-48DC-AA83-9B2159E12E0D}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type14940 / Error
Event Submitted/Written: 04/27/2008 06:12:19 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type14939 / Error
Event Submitted/Written: 04/27/2008 06:11:30 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type14938 / Error
Event Submitted/Written: 04/27/2008 06:11:16 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type14937 / Error
Event Submitted/Written: 04/27/2008 06:11:13 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type14936 / Error
Event Submitted/Written: 04/27/2008 06:05:44 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}



-- End of Deckard's System Scanner: finished at 2008-04-27 18:17:41 ------------

#4 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
First:
Please go to Start>Run and copy\paste this in and hit ok "%userprofile%\desktop\dss.exe" /daft

Place a check next to all of the red entries and click on Fix.
Then close out of that.
==================
Second:

Then we need to backup your registry:
Please go to Start > Run
Paste in the following line: regedit /e c:\registrybackup.reg
Click OK.
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.
=====================================
Third:
Please open up Notepad and copy all of the items in the code box below.
Change the "Save As Type" to "All Files". Save it as fixthis.reg on your Desktop.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=-
"DisableTaskMgr"=-
Now double-click fixthis.reg.
A window will come up asking if you want to let it merge with the registry.
Click yes.
==============================
Fourth:
Please re-open Hijackthis and click on "Do a system scan only"
Then place a check mark next to these entries below:

O2 - BHO: (no name) - {DE437AD9-45B3-4F10-A84C-63317AF2751D} - (no file)
O4 - HKLM\..\Run: [542e6ae7] rundll32.exe "C:\WINDOWS\system32\onkabmqh.dll",b
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1



Now click on Fix Checked and then close Hijackthis.
==================================
Fifth:
Please download SUPERAntiSpyware Home Edition (free version).
  • Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Scan for Alternate Data streams
  • Terminate memory threats before quarantining.
  • Please leave the others unchecked.
  • Click the Close button to leave the control center screen.

Then run Superantispyware.
  • Double click on the icon to start Superantispyware.
  • On the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
To retrieve the removal information for me please do the following:
1. After reboot, double-click the SUPERAntispyware icon on your desktop.
2. Click Preferences. Click the Statistics/Logs tab.
3. Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
4. It will open in your default text editor (such as Notepad/Wordpad).
5. Please highlight everything in the notepad, then right-click and choose copy.
6. Click close and close again to exit the program.
Save the log information. If needed (still infected) paste this info along with your HijackThis log.
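As an added example (not code from this thread, from Deckard's System Scanner or from HijackThis), the Python script below reads the registry excerpt in the format DSS printed it in the log above, flags the per-user policies that disable regedit and Task Manager, lists any drive AutoRun command recorded under MountPoints2, and writes a value-deleting .reg in the same "name"=- form the fixthis.reg step uses; the sample input is constructed from the log lines above and every function name is my own.

```python
"""Added triage helper: parse the registry excerpt DSS prints, flag lockout
policies and drive AutoRun commands, and emit a value-deleting .reg file.
Not part of the original thread, DSS, or HijackThis; names are assumptions."""
import re
from typing import Dict, List, Tuple

# Policies under ...\CurrentVersion\Policies\System that block the tools a user
# needs to inspect the machine; the infection in this thread set both to 1.
LOCKOUT_POLICIES = {"DisableRegistryTools", "DisableTaskMgr"}

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<val>\S+)')
AUTORUN_RE = re.compile(r"^AutoRun\\command-\s*(?P<cmd>.+)$")

# Constructed sample, copied from the policy and MountPoints2 lines of the DSS log.
SAMPLE_DSS = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
AutoRun\command- M:\fpsc_mega.exe
"""

Sections = Dict[str, Dict[str, str]]


def parse_dss_registry(text: str) -> Sections:
    """Group the '"name"=value' and 'AutoRun\\command-' lines under their [key] header."""
    sections: Sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key")
            sections.setdefault(current, {})
            continue
        if current is None or not line:
            continue
        m = VALUE_RE.match(line)
        if m:
            sections[current][m.group("name")] = m.group("val")
            continue
        m = AUTORUN_RE.match(line)
        if m:
            sections[current]["AutoRun\\command"] = m.group("cmd").strip()
    return sections


def find_lockout_policies(sections: Sections) -> List[Tuple[str, str]]:
    """Return (key, value name) for each lockout policy set to a non-zero value,
    in any hive; the HKLM copy in the sample is 0 and so is not reported."""
    hits = []
    for key, values in sections.items():
        if not key.lower().endswith("\\currentversion\\policies\\system"):
            continue
        for name, val in values.items():
            if name in LOCKOUT_POLICIES and val not in ("0", "0x0"):
                hits.append((key, name))
    return hits


def find_autorun_commands(sections: Sections) -> List[Tuple[str, str]]:
    """Return (key, command) for every drive AutoRun command DSS recorded under
    MountPoints2; Explorer can launch it when the drive is double-clicked."""
    return [
        (key, values["AutoRun\\command"])
        for key, values in sections.items()
        if "\\mountpoints2\\" in key.lower() and "AutoRun\\command" in values
    ]


def build_removal_reg(hits: List[Tuple[str, str]]) -> str:
    """Emit a .reg that deletes each flagged value: "name"=- is regedit's delete
    syntax, and regedit only merges files that start with this version header."""
    by_key: Dict[str, List[str]] = {}
    for key, name in hits:
        by_key.setdefault(key, []).append(name)
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{name}"=-' for name in names)
        lines.append("")
    return "\r\n".join(lines)


if __name__ == "__main__":
    parsed = parse_dss_registry(SAMPLE_DSS)
    for key, name in find_lockout_policies(parsed):
        print(f"lockout policy set: {key} -> {name}")
    for key, cmd in find_autorun_commands(parsed):
        print(f"autorun command:    {key} -> {cmd}")
    print(build_removal_reg(find_lockout_policies(parsed)))
```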

#5 schplurg (New Member, Topic Starter, 6 posts)
Thank you, however, things have changed. I could not get online anymore and the situation seemed to be deteriorating, so I reinstalled XP. Not what I wanted to do, but I needed this computer up and running.

That being said, what would be my next step? Should I simply follow the instructions you have posted? Sorry for being a pain in the butt.

#6 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
No, if you reinstalled XP then it is a resolved case because everything is gone.

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them; they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Ad-Aware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

IE-SPYAD - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Tony Klein article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

#7 schplurg (New Member, Topic Starter, 6 posts)
Hello, I'm back.

Thanks for the help, I thought my troubles were over. After a clean XP install, I am now getting a "resident shield alert" that I have the "CryptExe.a" virus (in svchost.exe). Spybot and AVG however do not find this when I run a scan.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:16:08 PM, on 4/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! ¤u¨ă¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! ¤u¨ă¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1209429113796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1209429056671
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 3644 bytes


EDIT: I installed all winxp security updates

Edited by schplurg, 29 April 2008 - 02:18 PM.


#8 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Hi, can you please uninstall one of the Antivirus programs you have.
I recommend keeping AVG.

Also, can you give me the complete file path name of the detection please.

Also, please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#9 schplurg (New Member, Topic Starter, 6 posts)
As far as the path you requested, I know that the file c:\windows\svchost.exe is being reported as infected with CryptExe.A. I haven't had an alert in a while to get information from.

Deckard's only returned a "main.txt" file. Here are the contents. Thank you!

------------------------


Deckard's System Scanner v20071014.68
Run by mike on 2008-04-29 15:32:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as mike.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:32:24 PM, on 4/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Documents and Settings\mike.NONE-AE50B4C4EA\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\mike.exe

R3 - URLSearchHook: Yahoo! ¤u¨ă¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! ¤u¨ă¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1209429113796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1209429056671
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 2880 bytes

-- Files created between 2008-03-29 and 2008-04-29 -----------------------------

2008-04-29 13:20:43 164352 --a------ C:\WINDOWS\system32\unrar.dll
2008-04-29 13:20:31 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-04-29 13:20:31 755027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-04-29 13:20:30 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-04-29 13:20:30 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-04-29 13:20:30 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-04-29 13:20:28 682496 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-04-29 13:20:27 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-04-29 13:20:22 0 d-------- C:\Documents and Settings\mike.NONE-AE50B4C4EA\Application Data\Real
2008-04-29 13:20:22 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Real
2008-04-28 23:27:12 0 d-------- C:\Documents and Settings\mike.NONE-AE50B4C4EA\Application Data\WinRAR
2008-04-28 23:12:50 0 d-------- C:\Documents and Settings\mike.NONE-AE50B4C4EA\Application Data\Vso
2008-04-28 17:54:26 0 d-------- C:\Documents and Settings\mike.NONE-AE50B4C4EA\writings
2008-04-28 17:51:34 0 d--h----- C:\WINDOWS\$hf_mig$
2008-04-28 17:35:54 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
2008-04-28 17:32:29 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-04-28 17:30:45 0 d---s---- C:\Documents and Settings\mike.NONE-AE50B4C4EA\UserData
2008-04-28 17:29:36 0 d-------- C:\Documents and Settings\mike.NONE-AE50B4C4EA\Application Data\Yahoo!
2008-04-28 17:29:36 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2008-04-28 11:21:27 1160 --a------ C:\WINDOWS\mozver.dat
2008-04-28 11:12:21 0 d--h----- C:\$AVG8.VAULT$
2008-04-27 23:41:15 0 d-------- C:\Documents and Settings\mike.NONE-AE50B4C4EA\Application Data\uTorrent
2008-04-27 22:38:25 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-27 22:38:17 0 d-------- C:\Program Files\AVG
2008-04-27 22:38:17 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-04-27 22:28:58 0 d-------- C:\Documents and Settings\mike.NONE-AE50B4C4EA\Application Data\Macromedia
2008-04-27 22:28:43 0 d-------- C:\Documents and Settings\mike.NONE-AE50B4C4EA\Application Data\Adobe
2008-04-27 22:28:42 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2008-04-27 22:24:12 691545 --a------ C:\WINDOWS\unins000.exe
2008-04-27 22:24:12 2557 --a------ C:\WINDOWS\unins000.dat
2008-04-27 22:13:27 0 d-------- C:\Program Files\Avast4
2008-04-27 22:11:54 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-04-27 22:05:23 0 d-------- C:\Documents and Settings\mike.NONE-AE50B4C4EA\exploremenu
2008-04-27 21:46:04 0 d-------- C:\Documents and Settings\mike.NONE-AE50B4C4EA\Application Data\Talkback
2008-04-27 21:46:00 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-27 21:45:58 0 d-------- C:\Documents and Settings\mike.NONE-AE50B4C4EA\Application Data\Thunderbird
2008-04-27 21:45:58 0 d-------- C:\Documents and Settings\mike.NONE-AE50B4C4EA\Application Data\Mozilla
2008-04-27 21:42:11 0 d-------- C:\Documents and Settings\mike.NONE-AE50B4C4EA\Application Data\Identities
2008-04-27 21:42:02 0 d--h----- C:\Documents and Settings\mike.NONE-AE50B4C4EA\PrintHood
2008-04-27 21:42:02 0 d--h----- C:\Documents and Settings\mike.NONE-AE50B4C4EA\NetHood
2008-04-27 21:42:02 0 dr------- C:\Documents and Settings\mike.NONE-AE50B4C4EA\My Documents
2008-04-27 21:42:02 0 d--h----- C:\Documents and Settings\mike.NONE-AE50B4C4EA\Local Settings
2008-04-27 21:42:02 0 dr------- C:\Documents and Settings\mike.NONE-AE50B4C4EA\Favorites
2008-04-27 21:42:02 0 d-------- C:\Documents and Settings\mike.NONE-AE50B4C4EA\Desktop
2008-04-27 21:42:02 0 d---s---- C:\Documents and Settings\mike.NONE-AE50B4C4EA\Cookies
2008-04-27 21:42:02 0 dr-h----- C:\Documents and Settings\mike.NONE-AE50B4C4EA\Application Data
2008-04-27 21:42:01 0 d--h----- C:\Documents and Settings\mike.NONE-AE50B4C4EA\Templates
2008-04-27 21:42:01 0 dr------- C:\Documents and Settings\mike.NONE-AE50B4C4EA\Start Menu
2008-04-27 21:42:01 0 dr-h----- C:\Documents and Settings\mike.NONE-AE50B4C4EA\SendTo
2008-04-27 21:42:01 0 dr-h----- C:\Documents and Settings\mike.NONE-AE50B4C4EA\Recent
2008-04-27 21:42:01 2359296 --ah----- C:\Documents and Settings\mike.NONE-AE50B4C4EA\NTUSER.DAT
2008-04-27 21:39:58 262144 --ah----- C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
2008-04-27 21:39:58 0 d--h----- C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings
2008-04-27 21:39:58 0 d---s---- C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies
2008-04-27 21:39:58 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data
2008-04-27 21:39:58 0 d---s---- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Microsoft
2008-04-27 21:39:48 0 d--h----- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings
2008-04-27 21:39:48 0 d---s---- C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies
2008-04-27 21:39:48 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data
2008-04-27 21:39:48 0 d---s---- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Microsoft
2008-04-27 21:39:47 253952 --ah----- C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
2008-04-27 21:34:14 253952 ---h----- C:\Documents and Settings\Default User.WINDOWS\NTUSER.DAT
2008-04-27 21:32:44 0 d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
2008-04-27 21:30:00 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-27 21:29:34 0 d-------- C:\Program Files\Online Services
2008-04-27 18:09:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-04-27 18:08:48 0 d-------- C:\Documents and Settings\Administrator\Application Data\Thunderbird
2008-04-27 17:08:41 0 d-------- C:\Documents and Settings\mike\Application Data\Malwarebytes
2008-04-27 16:31:04 0 d-------- C:\cmdcons
2008-04-27 14:14:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-04-27 14:13:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-04-27 14:12:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-27 14:12:43 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-27 14:11:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-04-27 14:11:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-27 14:00:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-04-27 13:59:31 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Templates
2008-04-27 13:59:31 0 dr------- C:\Documents and Settings\Default User.WINDOWS\Start Menu
2008-04-27 13:59:31 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\SendTo
2008-04-27 13:59:31 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Recent
2008-04-27 13:59:31 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\PrintHood
2008-04-27 13:59:31 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\NetHood
2008-04-27 13:59:31 0 d-------- C:\Documents and Settings\Default User.WINDOWS\My Documents
2008-04-27 13:59:31 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\Local Settings
2008-04-27 13:59:31 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Favorites
2008-04-27 13:59:31 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Desktop
2008-04-27 13:59:31 0 d---s---- C:\Documents and Settings\Default User.WINDOWS\Cookies
2008-04-27 13:59:31 0 d--h----- C:\Documents and Settings\All Users.WINDOWS\Templates
2008-04-27 13:59:31 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Start Menu
2008-04-27 13:59:31 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Favorites
2008-04-27 13:59:31 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Documents
2008-04-27 13:59:31 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Desktop
2008-04-27 13:58:33 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\Application Data
2008-04-27 13:58:33 0 d---s---- C:\Documents and Settings\Default User.WINDOWS\Application Data\Microsoft
2008-04-27 13:58:33 0 dr-h----- C:\Documents and Settings\All Users.WINDOWS\Application Data
2008-04-27 13:58:33 0 d---s---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2008-04-27 13:47:36 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-27 13:47:36 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-04-27 13:47:36 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-27 13:47:36 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-27 13:47:36 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-04-27 13:47:36 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-27 13:47:36 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-04-27 13:47:36 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-27 13:47:36 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-04-27 13:47:36 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-27 13:47:36 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-27 13:47:35 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-27 13:47:35 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-27 13:47:35 2097152 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-27 13:47:24 0 d--hs---- C:\WINDOWS\CSC
2008-04-27 01:14:37 0 d-------- C:\WINDOWS\system32\wTMP
2008-04-27 01:14:20 0 d-------- C:\Program Files\Collectorz.com
2008-04-27 01:14:15 0 d-------- C:\WINDOWS\system32\pnVes06
2008-04-27 01:14:14 0 d-------- C:\Temp
2008-04-27 01:13:37 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-04-26 19:56:37 0 d-------- C:\Program Files\Comic Collector Live
2008-04-23 20:32:39 0 d-------- C:\Program Files\GStudio6
2008-04-15 19:44:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-04-15 17:36:11 0 d-------- C:\Documents and Settings\mike\Application Data\WinRAR
2008-04-14 20:01:50 0 d-------- C:\Program Files\Common Files\Bcgsoft
2008-04-14 19:58:10 0 d-------- C:\Program Files\FPS Creator
2008-04-14 19:56:03 0 d-------- C:\Program Files\MagicDisc


-- Find3M Report ---------------------------------------------------------------

2008-04-29 13:32:52 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-04-29 13:21:13 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-04-28 20:30:33 0 d-------- C:\Program Files\PowerISO
2008-04-27 22:28:03 0 d-------- C:\Program Files\Yahoo!
2008-04-27 21:31:03 0 d-------- C:\Program Files\Movie Maker
2008-04-27 21:29:29 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-27 21:26:51 0 d-------- C:\Program Files\Messenger
2008-04-27 21:26:37 0 d-------- C:\Program Files\Windows NT
2008-04-27 14:14:46 129 --a------ C:\Program Files\Task manager disabled, pop ups, wallpaper changed [RESOLVED] - Geeks to Go!.URL
2008-04-27 13:59:31 62 --ahs---- C:\Documents and Settings\mike.NONE-AE50B4C4EA\Application Data\desktop.ini
2008-04-23 20:21:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-17 09:25:09 0 d-------- C:\Program Files\uTorrent
2008-04-14 20:01:50 0 d-------- C:\Program Files\Common Files
2008-04-09 20:10:24 0 d-------- C:\Program Files\Trillian Pro
2008-03-29 19:06:30 0 d-------- C:\Program Files\WinCHM
2008-03-25 17:24:38 0 d-------- C:\Program Files\FLV To AVI Converter - Pazera
2008-03-24 23:49:07 0 d-------- C:\Program Files\Common Files\WinCHM
2008-03-24 23:48:43 0 d-------- C:\Program Files\Help Creator
2008-03-24 19:12:10 0 d-------- C:\Program Files\Common Files\LogiShrd
2008-03-24 19:09:05 0 d-------- C:\Program Files\Logitech
2008-03-23 18:48:41 0 d-------- C:\Program Files\BitTyrant
2008-03-17 18:04:59 0 d-------- C:\Program Files\Rosetta Stone 3
2008-03-16 16:33:19 0 d-------- C:\Program Files\The Rosetta Stone 3
2008-03-13 18:48:05 0 d-------- C:\Program Files\AVI MPEG RM WMV Joiner
2008-03-09 18:10:57 0 d-------- C:\Program Files\VirtualDubMod
2008-03-08 13:50:03 0 d-------- C:\Program Files\TagRename
2008-03-07 21:00:29 0 d-------- C:\Program Files\DVDlabPro
2008-03-06 22:46:31 0 d-------- C:\Program Files\iTunes
2008-03-06 22:46:22 0 d-------- C:\Program Files\iPod
2008-03-06 22:45:54 0 d-------- C:\Program Files\Bonjour
2008-03-06 22:45:42 0 d-------- C:\Program Files\QuickTime
2008-03-06 22:44:24 0 d-------- C:\Program Files\Apple Software Update
2008-03-06 22:43:59 0 d-------- C:\Program Files\Common Files\Apple
2008-03-01 20:19:25 169 --a------ C:\wallpaper.bat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [04/27/2008 10:38 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll




-- End of Deckard's System Scanner: finished at 2008-04-29 15:33:15 ------------
  • 0
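Most of the DSS output above is HijackThis-format entries: a section code (R3, O2, O4, O20, O23 ...), a kind, a display name, usually a CLSID and a file path. What follows is an added example for this thread, not part of the original post and not code from HijackThis or Deckard's System Scanner: a small Python parser for those lines plus a few triage rules. The TRUSTED_ROOTS list and the rules in flag_entries() are this example's own heuristics, not anything HijackThis does; SAMPLE_LOG copies lines from the log above and adds one constructed "[sample]" Run entry, marked as such, so that the trusted-roots rule has something to fire on.

```python
"""Parse HijackThis-format log lines and flag entries worth a closer look.

Added example for this thread: not part of the original post, of HijackThis,
or of Deckard's System Scanner. SAMPLE_LOG copies lines from the log above
plus one constructed line (marked); the rules in flag_entries() and the
TRUSTED_ROOTS list are this example's own heuristics, not HijackThis logic.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# A line is "<code> - <kind>: <body>", e.g. "O2 - BHO: <name> - {CLSID} - <path>".
LINE_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")  # O4 body: [Name] command
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")
MODULE_RE = re.compile(r"[\w~.-]+\.(dll|exe|ocx|sys)$", re.IGNORECASE)

# Assumption: where autostarts on a stock XP install are expected to live
# (including the 8.3 short form of Program Files that HijackThis prints).
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")


@dataclass
class Entry:
    code: str             # section code, e.g. "O2", "O4", "O20"
    kind: str             # e.g. "BHO", "HKCU\..\Run", "AppInit_DLLs"
    name: str             # display name, service name or Run value name
    clsid: Optional[str]
    path: Optional[str]   # file path, bare module name or URL, if found
    raw: str


def _extract_path(body: str) -> Optional[str]:
    """Return the last ' - '-separated field that is a drive path, URL or bare module."""
    for part in reversed([p.strip() for p in body.split(" - ")]):
        if DRIVE_RE.match(part) or part.lower().startswith(("http://", "https://")):
            return part
        if MODULE_RE.fullmatch(part):
            return part   # bare name (e.g. AppInit_DLLs) is resolved from system32
    return None


def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None           # process list, headers and the DSS sections are skipped
    code, rest = m.group("code"), m.group("rest")
    kind, sep, body = rest.partition(": ")
    if not sep:               # e.g. "R0 - HKCU\...\Main,Start Page =" has no ": "
        kind, body = rest, ""
    clsid_m = CLSID_RE.search(body)
    clsid = clsid_m.group(0).upper() if clsid_m else None

    run = RUN_RE.match(body) if code == "O4" else None
    if run:                   # O4: "[ValueName] <command line>"
        cmd = run.group("cmd")
        close = cmd.find('"', 1) if cmd.startswith('"') else -1
        path = cmd[1:close] if close > 0 else cmd.split(" /")[0].split(" -")[0]
        return Entry(code, kind, run.group("name"), clsid, path, line.strip())

    path = _extract_path(body)
    if clsid_m:
        name = body[:clsid_m.start()].rstrip(" -")
    elif path:
        name = body[:body.rfind(path)].rstrip(" -")
    else:
        name = body
    return Entry(code, kind, name or body.split(" - ")[0], clsid, path, line.strip())


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def flag_entries(entries: List[Entry]) -> List[str]:
    """Heuristic triage; returns one reason string per flagged entry."""
    reasons = []
    for e in entries:
        if e.code == "O20":
            # AppInit_DLLs is loaded into every process that maps user32.dll, and a
            # bare name resolves from system32, so always confirm the file's vendor.
            reasons.append(f"{e.code} {e.kind}: {e.path or e.name} loads into every GUI process; verify it")
        elif e.code in ("O2", "O3", "R3", "O9", "O18") and e.clsid and not e.path:
            reasons.append(f"{e.code} {e.name} {e.clsid}: CLSID with no backing file")
        elif e.code in ("O4", "O2", "O3", "R3", "O18", "O23") and e.path \
                and DRIVE_RE.match(e.path) and not e.path.lower().startswith(TRUSTED_ROOTS):
            reasons.append(f"{e.code} {e.name}: runs from outside Program Files/Windows: {e.path}")
    return reasons


# Lines copied from the log above; the "[sample]" Run entry is constructed to
# show the trusted-roots rule firing (it does not appear in the poster's log).
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [sample] C:\Documents and Settings\user\Local Settings\Temp\sample.exe
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

if __name__ == "__main__":
    for reason in flag_entries(parse_log(SAMPLE_LOG)):
        print(reason)
```

Run as a script it prints two lines: the O20 entry and the constructed Temp autostart. The O20 hit is deliberate even though avgrsstx.dll here belongs to AVG 8: the rule asks the reader to verify anything in AppInit_DLLs, it does not call the file malicious, and the same goes for the path rule, which only says an autostart lives somewhere unusual.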

#10
kahdah


    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with Internet Explorer only)
Click on "Accept"

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK.
  • Now under "Select a target to scan:", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete it will display whether your system has been infected.
    • Now click on the Save as button:
  • Save the file in txt format to your desktop.
  • Post that information in your next post.

  • 0

#11
schplurg


    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
This Kaspersky scan has been running for 2 hours and is at 2%, with only 16,000 files scanned. Is this typical? It's been on my email folder most of the time.

Meanwhile, it told me to disable my virus program, which means I'll be wide open for about 50 hours, unless Kaspersky is now monitoring my PC. I may reset the scan.
  • 0

#12
kahdah


    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You can keep your antivirus program active; it will not affect it.
Kaspersky is like any other virus scan: it scans your entire computer.
Without it I do not see any malware files in your logs.
Please either post the Kaspersky scan or, if it is too long, you can e-mail it to me at kahdah at aol.com (replace the "at" with @).
  • 0
