Infected by Trj/Rebooter.J [RESOLVED]


This topic is locked

#1 J4ck (Member, 14 posts)
Hi Guys :)

I have a Pentium 4 Dual core 3.2GHz machine and I am running Windows XP SP2 as OS. I have downloaded the latest versions of Ad-Aware SE, Spybot Search & Destroy and AVG Free version 8.0. I have read the FAQs and tried some self-help tutorials. OK, here it goes...

About two days ago, my computer started rebooting itself sporadically and without any reason. I will be in the middle of something (e.g. browsing the internet) and the computer will restart (without shutting down properly). So I did scans with Ad-Aware and Spybot. Nil result. I then ran a scan with the Panda Antivirus online scan and it told me that I had the "Trj/Rebooter.J" virus in my system. It was inside a file named "SmitfraudFix.zip" which was located in my unused desktop folder. I clicked the fix button and Panda told me that it had got rid of the problem. I also erased the SmitfraudFix.zip file. I then flushed my system by turning System Restore off and then on again. Meanwhile, I had read the Smitfraud tutorial from your site, so I downloaded the "SmitRem.exe" tool. I restarted Windows in safe mode and ran this tool. I was not given any results and I don't know if it saved a logfile anywhere. I then ran AVG and Ad-Aware again in safe mode with no virus found. I restarted Windows in normal mode and ran the Panda Antivirus online scan, and it told me that I had six infected files, but it only showed four minor infections (cookies/PUP) in its log at the end of the scan.

Also, since a month ago, my AVG Antivirus has stopped loading itself when Windows starts up. I have to manually double-click the AVG icon on the desktop and then turn it on from the control centre. I don't know why this is happening. So, can someone please analyse my HijackThis log (current version) and see if "Trj/Rebooter.J" has left the building or is still doing a boogie dance somewhere around? Any housekeeping tips regarding cleanup of the HijackThis log will be greatly appreciated.

Thanks for your time and effort

Jack SINGH

********************************************************************************
HIJACKTHIS LOG
********************************************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:27:55 PM, on 2/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Windows Defender\MsMpEng.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\MSI\Live Update 3\LMonitor.exe
H:\WINDOWS\system32\rundll32.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE
H:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
H:\Program Files\Microsoft IntelliType Pro\itype.exe
H:\Program Files\Windows Defender\MSASCui.exe
H:\Program Files\CyberLink\PowerCinema\PCMService.exe
H:\PROGRA~1\AVG\AVG8\avgtray.exe
H:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
H:\Program Files\Windows Live\Messenger\msnmsgr.exe
H:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
H:\Program Files\Netropa\Onscreen Display\OSD.exe
H:\PROGRA~1\AVG\AVG8\avgrsx.exe
H:\PROGRA~1\AVG\AVG8\avgemc.exe
H:\Program Files\Windows Live\Messenger\usnsvc.exe
H:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [LiveMonitor] H:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] H:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] H:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX3700 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE /P26 "EPSON Stylus CX3700 Series" /O6 "USB001" /M "Stylus CX3700"
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] H:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [itype] "H:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [AWMON] "H:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKLM\..\Run: [Windows Defender] "H:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PCMService] "H:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] H:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.co...otouploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1154593540515
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://tsweb.csu.edu...tsweb/msrdp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay10...ex/HMAtchmt.ocx
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS3\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - H:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - H:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8867 bytes
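The log above is the kind of listing a volunteer reads by eye, section by section. As an added example (not code from this thread or from the HijackThis project), here is a small Python triage helper that parses the O2/O4/O20/O23 lines into the file each entry actually launches and marks the ones a reviewer checks first: bare filenames resolved via the search path, images in user-writable folders, system-binary names outside \WINDOWS\system32, services with no company name, and anything in AppInit_DLLs. The sample input is built from lines in the log above plus one hypothetical `Temp\svchost.exe` run key that is not in the log, included only so the "suspect" branch fires; the flagging rules are this example's heuristics, not HijackThis output, and a flagged entry still has to be verified against the file itself.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the thread's HijackThis log above, plus
# ONE hypothetical entry (the Temp\svchost.exe run key, not in the real log) so
# the "suspect" branch has something to fire on.
SAMPLE_LOG = [
    r"O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O4 - HKLM\..\Run: [nwiz] nwiz.exe /install",
    r'O4 - HKLM\..\Run: [EPSON Stylus CX3700 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE /P26 "EPSON Stylus CX3700 Series" /O6 "USB001" /M "Stylus CX3700"',
    r'O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background',
    r"O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')",
    r"O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe",
    r"O4 - HKCU\..\Run: [svchost] H:\DOCUME~1\Owner\LOCALS~1\Temp\svchost.exe",  # hypothetical, not in the log
    r"O20 - AppInit_DLLs: avgrsstx.dll",
    r"O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - H:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe",
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe",
]

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[^}]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_LNK_RE = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) \((?P<short>[^)]+)\) - (?P<vendor>.+?) - (?P<path>.+)$")

# Names malware likes to borrow; the real ones live in \WINDOWS\system32.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "smss.exe"}
# Directories an unprivileged XP user can write to (8.3 short forms included).
USER_WRITABLE = ("\\documents and settings\\", "\\docume~1\\", "\\temp\\", "\\locals~1\\", "\\application data\\")
LEVEL = {"ok": 0, "review": 1, "suspect": 2}


@dataclass
class Finding:
    section: str       # O2 / O4 / O20 / O23
    label: str         # BHO name, run-key name, DLL list, or service short name
    path: str          # image the entry resolves to
    severity: str      # "ok", "review" or "suspect"
    reasons: List[str]


def image_path(cmd: str) -> str:
    """Reduce a Run-key command line to the file it launches."""
    cmd = re.sub(r" \(User '[^']*'\)$", "", cmd.strip())  # HKUS entries carry a user suffix
    if cmd.startswith('"'):                               # quoted path: take the quoted part
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    host, _, rest = cmd.partition(" ")
    if host.lower() == "rundll32.exe":                    # the DLL is the interesting image
        cmd = rest
    cut = len(cmd)
    for sep in (" /", ","):                               # stop at first switch or DLL entry point
        i = cmd.find(sep)
        if i != -1:
            cut = min(cut, i)
    return cmd[:cut].strip()


def assess_path(path: str) -> List[Tuple[str, str]]:
    """Return (level, reason) pairs for one image path."""
    p = path.lower()
    base = p.rsplit("\\", 1)[-1]
    out = []
    if "\\" not in p:
        out.append(("review", "bare filename, resolved via the search path: verify which file runs"))
    if any(tok in p for tok in USER_WRITABLE):
        out.append(("suspect", "image lives in a user-writable location (profile or Temp)"))
    if base in SYSTEM_NAMES and "\\windows\\system32\\" not in p:
        out.append(("suspect", f"system-binary name {base} outside \\WINDOWS\\system32"))
    return out


def _finding(section: str, label: str, path: str, notes: List[Tuple[str, str]]) -> Finding:
    sev = max((lvl for lvl, _ in notes), key=LEVEL.get, default="ok")
    return Finding(section, label, path, sev, [r for _, r in notes])


def triage(lines: List[str]) -> List[Finding]:
    """Parse the autostart sections of a HijackThis log and rate each entry."""
    found = []
    for line in map(str.strip, lines):
        m = O2_RE.match(line)
        if m:
            found.append(_finding("O2", m["name"], m["path"], assess_path(m["path"])))
            continue
        m = O4_RE.match(line) or O4_LNK_RE.match(line)
        if m:
            path = image_path(m["cmd"])
            found.append(_finding("O4", m["name"], path, assess_path(path)))
            continue
        m = O20_RE.match(line)
        if m:  # anything here is loaded into every process that loads user32.dll
            note = ("review", "AppInit_DLLs entry: confirm the owner of each DLL listed")
            found.append(_finding("O20", m["dlls"], m["dlls"], [note]))
            continue
        m = O23_RE.match(line)
        if m:
            notes = assess_path(m["path"])
            if m["vendor"] == "Unknown owner":  # no company name in the file's version info
                notes.append(("review", "no vendor in version info: confirm it is the expected binary"))
            found.append(_finding("O23", m["short"], m["path"], notes))
    return found


def findings_by_label(lines: List[str]) -> Dict[str, Finding]:
    return {f.label: f for f in triage(lines)}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:7} {f.section:3} {f.label!r:38} {f.path}")
        for r in f.reasons:
            print(f"        - {r}")
```

Run against the sample, every real line from the log comes out "ok" or "review" (nwiz.exe has no path, nhksrv has no vendor string, and the AppInit_DLLs entry is always listed for confirmation, which in this log is AVG's avgrsstx.dll), and only the constructed Temp\svchost.exe entry is rated "suspect". That split is the point: the script narrows where to look, and the reviewer still confirms each flagged file by hand.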


#2 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Hello

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept.

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
    • Scan Options: Scan Archives, Scan Mail Bases
  • Click OK.
  • Now under Select a target to scan, select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete it will display whether your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3 J4ck (Topic Starter, Member, 14 posts)
Hi Rorschach112,

Thank you for your trouble in scanning my logs and giving me a hand with this problem. I have run the scans in the order that you advised and I have posted the results in this reply. I will post the scan results of the Kaspersky Scanner and the HijackThis log in this post, and I will post the scan results from DSS in another reply so that I don't run out of space in a single post.

I noticed that the scans did not find any infected objects. As stated in my original post, I did perform some scans and fixes as suggested in the "How to do it yourself" forum, and maybe these tests and fixes have fixed the problem. I just want to make sure that there is no parent directory holding the virus that might regenerate itself after a few days. Any other tips on cleaning up my logs of extra or unnecessary stuff would be greatly appreciated. Thanks again for your time and effort.

Jack :)


HIJACKTHIS LOGFILE


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:08:53 PM, on 7/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Windows Defender\MsMpEng.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\MSI\Live Update 3\LMonitor.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE
H:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
H:\Program Files\Microsoft IntelliType Pro\itype.exe
H:\Program Files\Windows Defender\MSASCui.exe
H:\Program Files\CyberLink\PowerCinema\PCMService.exe
H:\WINDOWS\system32\rundll32.exe
H:\PROGRA~1\AVG\AVG8\avgtray.exe
H:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
H:\Program Files\Windows Live\Messenger\msnmsgr.exe
H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
H:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
H:\Program Files\Netropa\Onscreen Display\OSD.exe
H:\PROGRA~1\AVG\AVG8\avgrsx.exe
H:\PROGRA~1\AVG\AVG8\avgemc.exe
H:\Program Files\Windows Live\Messenger\usnsvc.exe
H:\Documents and Settings\Owner\Desktop\dss.exe
H:\DOCUME~1\Owner\Desktop\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [LiveMonitor] H:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] H:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] H:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX3700 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE /P26 "EPSON Stylus CX3700 Series" /O6 "USB001" /M "Stylus CX3700"
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] H:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [itype] "H:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Windows Defender] "H:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PCMService] "H:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] H:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.co...otouploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1154593540515
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://tsweb.csu.edu...tsweb/msrdp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay10...ex/HMAtchmt.ocx
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS3\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - H:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - H:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9376 bytes

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
KASPERSKY SCAN RESULTS
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, May 07, 2008 2:07:02 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/05/2008
Kaspersky Anti-Virus database records: 743221
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
D:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 110899
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:49:46

Infected Object Name / Virus Name / Last Action
H:\Documents and Settings\All Users\Application Data\avg8\emc\Log\emc.log Object is locked skipped
H:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log Object is locked skipped
H:\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log Object is locked skipped
H:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log Object is locked skipped
H:\Documents and Settings\All Users\Application Data\avg8\Log\avgsched.log Object is locked skipped
H:\Documents and Settings\All Users\Application Data\avg8\Log\avgui.log Object is locked skipped
H:\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log Object is locked skipped
H:\Documents and Settings\All Users\Application Data\avg8\Log\avgwdsvc.log Object is locked skipped
H:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
H:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
H:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12082006-102146.log Object is locked skipped
H:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
H:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
H:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
H:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
H:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
H:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
H:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
H:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
H:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
H:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
H:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
H:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
H:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
H:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped
H:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_721C_AA5A_1CAA_195D\dfsr.db Object is locked skipped
H:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_721C_AA5A_1CAA_195D\fsr.log Object is locked skipped
H:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_721C_AA5A_1CAA_195D\fsrtmp.log Object is locked skipped
H:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_721C_AA5A_1CAA_195D\tmp.edb Object is locked skipped
H:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
H:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
H:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{071D22CE-444D-4DC0-8CA7-348B94647669} Object is locked skipped
H:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped
H:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped
H:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
H:\Documents and Settings\Owner\Local Settings\Temp\~DF1B58.tmp Object is locked skipped
H:\Documents and Settings\Owner\Local Settings\Temp\~DF1B6F.tmp Object is locked skipped
H:\Documents and Settings\Owner\Local Settings\Temp\~DF498D.tmp Object is locked skipped
H:\Documents and Settings\Owner\Local Settings\Temp\~DF49D2.tmp Object is locked skipped
H:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
H:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
H:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\System Volume Information\_restore{D12F43DC-7789-41E6-8292-3A9192F60C26}\RP3\change.log Object is locked skipped
H:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
H:\WINDOWS\SchedLgU.Txt Object is locked skipped
H:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
H:\WINDOWS\Sti_Trace.log Object is locked skipped
H:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
H:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
H:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
H:\WINDOWS\system32\config\default Object is locked skipped
H:\WINDOWS\system32\config\default.LOG Object is locked skipped
H:\WINDOWS\system32\config\Internet.evt Object is locked skipped
H:\WINDOWS\system32\config\SAM Object is locked skipped
H:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
H:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
H:\WINDOWS\system32\config\SECURITY Object is locked skipped
H:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
H:\WINDOWS\system32\config\software Object is locked skipped
H:\WINDOWS\system32\config\software.LOG Object is locked skipped
H:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
H:\WINDOWS\system32\config\system Object is locked skipped
H:\WINDOWS\system32\config\system.LOG Object is locked skipped
H:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
H:\WINDOWS\system32\h323log.txt Object is locked skipped
H:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
H:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
H:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
H:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
H:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
H:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
H:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
H:\WINDOWS\wiadebug.log Object is locked skipped
H:\WINDOWS\wiaservc.log Object is locked skipped
H:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.



DSS results in next reply. Thanks

#4 J4ck (Topic Starter, Member, 14 posts)
DSS Scan results

MAIN.TXT FILE

Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-07 14:07:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-05-07 04:08:03 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2008-05-06 05:58:24 UTC - RP3 - System Checkpoint
2: 2008-05-05 02:59:18 UTC - RP2 - System Checkpoint
1: 2008-05-04 02:25:44 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:08:53 PM, on 7/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Windows Defender\MsMpEng.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\MSI\Live Update 3\LMonitor.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE
H:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
H:\Program Files\Microsoft IntelliType Pro\itype.exe
H:\Program Files\Windows Defender\MSASCui.exe
H:\Program Files\CyberLink\PowerCinema\PCMService.exe
H:\WINDOWS\system32\rundll32.exe
H:\PROGRA~1\AVG\AVG8\avgtray.exe
H:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
H:\Program Files\Windows Live\Messenger\msnmsgr.exe
H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
H:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
H:\Program Files\Netropa\Onscreen Display\OSD.exe
H:\PROGRA~1\AVG\AVG8\avgrsx.exe
H:\PROGRA~1\AVG\AVG8\avgemc.exe
H:\Program Files\Windows Live\Messenger\usnsvc.exe
H:\Documents and Settings\Owner\Desktop\dss.exe
H:\DOCUME~1\Owner\Desktop\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [LiveMonitor] H:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] H:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] H:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX3700 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE /P26 "EPSON Stylus CX3700 Series" /O6 "USB001" /M "Stylus CX3700"
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] H:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [itype] "H:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Windows Defender] "H:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PCMService] "H:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] H:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.co...otouploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1154593540515
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://tsweb.csu.edu...tsweb/msrdp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay10...ex/HMAtchmt.ocx
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS3\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - H:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - H:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9376 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 pfc (Padus ASPI Shell) - h:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S0 cercsr6 - h:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S3 GMSIPCI - g:\install\gmsipci.sys (file missing)
S3 RushTopDevice - h:\program files\msi\core center\rushtop.sys <Not Verified; MICRO-STAR INT'L CO., LTD.; MSI CoreCenter>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 nhksrv (Netropa NHK Server) - h:\program files\netropa\multimedia keyboard\nhksrv.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-07 10:35:11 330 --ah----- H:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2008-04-07 and 2008-05-07 -----------------------------

2008-05-07 10:56:45 0 d-------- H:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-07 10:56:43 0 d-------- H:\WINDOWS\system32\Kaspersky Lab
2008-05-07 10:56:43 0 d-------- H:\WINDOWS\LastGood
2008-05-04 12:17:43 0 dr-h----- H:\Documents and Settings\Owner\Recent
2008-05-03 14:53:44 68096 --a------ H:\WINDOWS\zip.exe
2008-05-03 14:53:44 49152 --a------ H:\WINDOWS\VFind.exe
2008-05-03 14:53:44 212480 --a------ H:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-03 14:53:44 136704 --a------ H:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-03 14:53:44 161792 --a------ H:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-03 14:53:44 98816 --a------ H:\WINDOWS\sed.exe
2008-05-03 14:53:44 80412 --a------ H:\WINDOWS\grep.exe
2008-05-03 14:53:44 73728 --a------ H:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-02 19:43:45 32 -ra------ H:\Documents and Settings\Owner\hash.dat
2008-05-01 23:48:51 0 d--h----- H:\$AVG8.VAULT$
2008-05-01 22:10:10 552 --a------ H:\WINDOWS\system32\d3d8caps.dat
2008-05-01 21:57:25 0 d-------- H:\WINDOWS\system32\drivers\Avg
2008-05-01 21:57:17 0 d-------- H:\Program Files\AVG
2008-05-01 21:57:17 0 d-------- H:\Documents and Settings\All Users\Application Data\avg8
2008-04-30 21:03:28 0 d--h----- H:\Documents and Settings\Administrator\Templates
2008-04-30 21:03:28 0 dr------- H:\Documents and Settings\Administrator\Start Menu
2008-04-30 21:03:28 0 dr-h----- H:\Documents and Settings\Administrator\SendTo
2008-04-30 21:03:28 0 d--h----- H:\Documents and Settings\Administrator\Recent
2008-04-30 21:03:28 0 d--h----- H:\Documents and Settings\Administrator\PrintHood
2008-04-30 21:03:28 786432 --a------ H:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-30 21:03:28 0 d--h----- H:\Documents and Settings\Administrator\NetHood
2008-04-30 21:03:28 0 d-------- H:\Documents and Settings\Administrator\My Documents
2008-04-30 21:03:28 0 d--h----- H:\Documents and Settings\Administrator\Local Settings
2008-04-30 21:03:28 0 d-------- H:\Documents and Settings\Administrator\Favorites
2008-04-30 21:03:28 0 d-------- H:\Documents and Settings\Administrator\Desktop
2008-04-30 21:03:28 0 d--hs---- H:\Documents and Settings\Administrator\Cookies
2008-04-30 21:03:28 0 dr-h----- H:\Documents and Settings\Administrator\Application Data
2008-04-30 21:03:28 0 d---s---- H:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-30 20:03:09 0 d-------- H:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-30 19:43:39 0 d-------- H:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-29 22:14:57 0 d-------- H:\Program Files\Panda Security


-- Find3M Report ---------------------------------------------------------------

2008-05-05 22:12:49 0 d-------- H:\Program Files\PokerStars
2008-05-04 21:13:59 0 d-------- H:\Program Files\Apache2
2008-05-02 19:19:15 0 d-------- H:\Program Files\Java
2008-05-01 23:50:59 0 d-------- H:\Program Files\D-Tools
2008-05-01 23:48:56 0 d-------- H:\Program Files\Common Files\Wise Installation Wizard
2008-04-30 20:03:09 0 d-------- H:\Program Files\Lavasoft
2008-04-30 19:28:54 0 d-------- H:\Documents and Settings\Owner\Application Data\Lavasoft
2008-04-06 14:00:41 0 d-------- H:\Program Files\FLVPlayer4Free
2008-04-04 13:24:42 0 d-------- H:\Documents and Settings\Owner\Application Data\U3
2008-03-15 12:23:37 0 d-------- H:\Program Files\Windows Live
2008-03-15 12:23:07 0 d--hs--c- H:\Program Files\Common Files\WindowsLiveInstaller
2008-03-15 12:22:42 0 d-------- H:\Program Files\Common Files
2008-03-14 22:37:56 0 d-------- H:\Documents and Settings\Owner\Application Data\AdobeUM
2008-03-08 11:04:27 0 d-------- H:\Program Files\LimeWire


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LiveMonitor"="H:\Program Files\MSI\Live Update 3\LMonitor.exe" [11/07/2005 10:44 AM]
"NeroFilterCheck"="H:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50 AM]
"NvCplDaemon"="H:\WINDOWS\system32\NvCpl.dll" [08/03/2006 09:24 AM]
"nwiz"="nwiz.exe" [08/03/2006 09:24 AM H:\WINDOWS\system32\nwiz.exe]
"SW20"="H:\WINDOWS\system32\sw20.exe" [22/02/2006 04:46 PM]
"SW24"="H:\WINDOWS\system32\sw24.exe" [22/02/2006 04:46 PM]
"NvMediaCenter"="H:\WINDOWS\system32\NvMcTray.dll" [08/03/2006 09:24 AM]
"SoundMan"="SOUNDMAN.EXE" [01/03/2006 04:22 PM H:\WINDOWS\soundman.exe]
"EPSON Stylus CX3700 Series"="H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACP.exe" [08/02/2005 05:00 AM]
"MULTIMEDIA KEYBOARD"="H:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [30/09/2003 07:09 AM]
"itype"="H:\Program Files\Microsoft IntelliType Pro\itype.exe" [04/12/2005 04:38 PM]
"Windows Defender"="H:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 05:20 PM]
"PCMService"="H:\Program Files\CyberLink\PowerCinema\PCMService.exe" [03/11/2004 04:53 PM]
"AVG8_TRAY"="H:\PROGRA~1\AVG\AVG8\avgtray.exe" [01/05/2008 09:57 PM]
"SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="H:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 10:34 AM]
"swg"="H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [18/06/2007 08:55 PM]
"CTFMON.EXE"="H:\WINDOWS\system32\ctfmon.exe" [04/08/2004 10:00 PM]
"SpybotSD TeaTimer"="H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=H:\Program Files\Picasa2\PicasaMediaDetector.exe
"swg"=H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

H:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 9:05:26 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d68d647c-2315-11db-ae1c-806d6172696f}]
PlayWithPowerCinema\Command- "H:\Program Files\CyberLink\PowerCinema\PCM3.exe" MOVIE "%L"

*Newly Created Service* - WEBNTACCESS



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8300 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-07 14:09:30 ------------



EXTRA.TXT FILE

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® D CPU 3.20GHz
CPU 1: Intel® Pentium® D CPU 3.20GHz
Percentage of Memory in Use: 51%
Physical Memory (total/avail): 1023.36 MiB / 499.93 MiB
Pagefile Memory (total/avail): 2461.38 MiB / 2034.39 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.44 MiB

D: is CDROM (No Media)
H: is Fixed (NTFS) - 186.3 GiB total, 152.74 GiB free.
I: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG SP2004C - 186.31 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 186.3 GiB - H:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="H:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"H:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="H:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\\Program Files\\BitLord\\BitLord.exe"="H:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"H:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"="H:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"
"H:\\Program Files\\Messenger\\msmsgs.exe"="H:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"H:\\Program Files\\LimeWire\\LimeWire.exe"="H:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\\Program Files\\Google\\Google Talk\\googletalk.exe"="H:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"H:\\WINDOWS\\system32\\dpvsetup.exe"="H:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"H:\\WINDOWS\\system32\\rundll32.exe"="H:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"H:\\WINDOWS\\system32\\mmc.exe"="H:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"H:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="H:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"H:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="H:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"H:\\Program Files\\AVG\\AVG8\\avgupd.exe"="H:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"H:\\Program Files\\AVG\\AVG8\\avgemc.exe"="H:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=H:\Documents and Settings\All Users
APPDATA=H:\Documents and Settings\Owner\Application Data
CLASSPATH=.;H:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=H:\Program Files\Common Files
COMPUTERNAME=USER-548A9B8FB7
ComSpec=H:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=H:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\USER-548A9B8FB7
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=H:\WINDOWS\system32;H:\WINDOWS;H:\WINDOWS\system32\wbem;H:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0604
ProgramFiles=H:\Program Files
PROMPT=$P$G
QTJAVA=H:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=H:
SystemRoot=H:\WINDOWS
TEMP=H:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=H:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=USER-548A9B8FB7
USERNAME=Owner
USERPROFILE=H:\Documents and Settings\Owner
windir=H:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> H:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> H:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 H:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> H:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> H:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> H:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE H:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AltoMP3 Gold 5.12 --> H:\Program Files\AltoMP3 Gold\uninst.exe
Ambush Pack 1.00 for Pocket Tanks Deluxe --> "H:\Program Files\Pocket Tanks Deluxe\unins006.exe"
Audio Maker --> H:\Program Files\Xilisoft\Audio Maker\Uninstall.exe
AVG Free 8.0 --> H:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Baraha 7.0 --> "H:\Program Files\Baraha 7.0\unins000.exe"
BitLord 1.1 --> H:\Program Files\BitLord\uninst.exe
Brothers In Arms --> H:\Program Files\Ubisoft\Gearbox Software\BrothersInArms\System\Setup.exe uninstall "BrothersInArms"
CCleaner (remove only) --> "H:\Program Files\CCleaner\uninst.exe"
Chaos Pack 1.00 for Pocket Tanks Deluxe --> "H:\Program Files\Pocket Tanks Deluxe\unins005.exe"
CloneDVD 3.5 --> "H:\Program Files\CloneDVD\unins000.exe"
Core Center --> H:\WINDOWS\IsUninst.exe -f"H:\Program Files\MSI\Core Center\Uninst.isu"
DVD Decrypter (Remove Only) --> "H:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "H:\Program Files\DVD Shrink\unins000.exe"
EPSON Attach To Email --> H:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3 --> RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall
EPSON Easy Photo Print --> RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}\SETUP.EXE" -l0x9 UNINST
EPSON File Manager --> RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x9 UNINST
EPSON Image Clip Palette --> RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{314F6D08-A8B7-11D8-8446-0050BA1D384D}\Setup.exe" -l0x9 -u
EPSON Printer Software --> H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan --> H:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Scan Assistant --> RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Web-To-Page --> RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
ESCX3700 User's Guide --> H:\Program Files\EPSON\TPMANUAL\ESCX3700\USE_G\DOCUNINS.EXE
Famtree v4 --> H:\WINDOWS\ST5UNST.EXE -n "H:\Program Files\Famtree v4\ST5UNST.LOG"
Flamethrower Pack 1.00 for Pocket Tanks Deluxe --> "H:\Program Files\Pocket Tanks Deluxe\unins004.exe"
FLVPlayer4Free Free FLV Player 2.6.0.0 --> "H:\Program Files\FLVPlayer4Free\unins000.exe"
Full Tilt Poker.Org --> "H:\Program Files\InstallShield Installation Information\{87D9C3BD-06DA-462A-8447-0B44718AACE6}\setup.exe" -runfromtemp -l0x0009 -removeonly
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Talk (remove only) --> "H:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "h:\program files\google\googletoolbar3.dll"
HijackThis 2.0.2 --> "H:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "H:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> H:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LimeWire 4.16.6 --> "H:\Program Files\LimeWire\uninstall.exe"
Logitech Gaming Software --> RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{5C1DA723-24FC-48AD-93BA-925695C3EF26}\setup.exe" -l0x9 -removeonly
Macromedia Flash Player 8 --> MsiExec.exe /X{0A28C610-EE06-4A33-BB56-A2155B524916}
Magic ISO Maker v4.6 (build 0124) --> H:\PROGRA~1\MagicISO\UNWISE.EXE H:\PROGRA~1\MagicISO\INSTALL.LOG
MakeDVD 1.0 --> RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall
Meteor Pack 1.00 for Pocket Tanks Deluxe --> "H:\Program Files\Pocket Tanks Deluxe\unins003.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "H:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Flight Simulator X --> H:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "H:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MotionDV STUDIO 5.3E LE for DV --> RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{43F8F1E5-C740-4293-A309-EA9DD6474DB1}\setup.exe" UNINSTALL
MP3 Player Utilities 4.00 --> MsiExec.exe /I{7784A172-61F1-445E-8368-601607E0DD22}
MSI Live Update 3 --> H:\WINDOWS\IsUninst.exe -f"H:\Program Files\MSI\Live Update 3\Uninst.isu"
MSN --> H:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Nero Suite --> H:\Program Files\Common Files\Nero\Uninstall\Setup.exe /uninstall ExtraUninstallID=""
Nuke Pack 1.00 for Pocket Tanks Deluxe --> "H:\Program Files\Pocket Tanks Deluxe\unins002.exe"
NVIDIA Drivers --> H:\WINDOWS\system32\nvudisp.exe UninstallGUI
Office Keyboard --> RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{0208A7E3-0D30-11D4-A1FC-00508B9D1BA2}\setup.exe" -l0x9
Panda ActiveScan 2.0 --> H:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Picasa 2 --> "H:\Program Files\Picasa2\Uninstall.exe"
PIF DESIGNER --> RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x9 anything
Pocket Tanks Deluxe 1.00a --> "H:\Program Files\Pocket Tanks Deluxe\unins000.exe"
PokerStars --> H:\Program Files\PokerStars\Uninstall.EXE /u:"PokerStars"
Power Pack 1.00 for Pocket Tanks Deluxe --> "H:\Program Files\Pocket Tanks Deluxe\unins001.exe"
PowerCinema 3.0 --> RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Realtek AC'97 Audio --> RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\Setup.exe" -l0x9 -removeonly
Riva FLV Encoder 2.0 --> "H:\Documents and Settings\Owner\My Documents\My Videos\Riva FLV Encoder 2.0\unins000.exe"
Spybot - Search & Destroy --> "H:\Program Files\Spybot - Search & Destroy\unins000.exe"
vanBasco's Karaoke Player --> H:\Program Files\vanBasco's Karaoke Player\uninst.exe
Video Stream Driver for Panasonic DVC --> H:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9A97D672-6C93-4DFA-B527-DE005A761495} /l1033
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "H:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> H:\Program Files\WinRAR\uninstall.exe
World Series Of Poker --> H:\WINDOWS\iun506.exe H:\Program Files\Activision Value\World Series Of Poker\irunin.ini


-- Application Event Log -------------------------------------------------------

Event Record #/Type12054 / Success
Event Submitted/Written: 05/07/2008 10:32:58 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type12046 / Success
Event Submitted/Written: 05/07/2008 10:22:18 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type12042 / Warning
Event Submitted/Written: 05/06/2008 11:09:46 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type12028 / Success
Event Submitted/Written: 05/06/2008 02:33:00 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type12012 / Error
Event Submitted/Written: 05/06/2008 02:09:07 AM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType mptelemetry, P1 80072ee2, P2 endsearch, P3 search, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type31479 / Warning
Event Submitted/Written: 05/07/2008 02:09:08 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%USER-548A9B8FB727 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %USER-548A9B8FB727 can't undo changes that you allow.

For more information please see the following:
%USER-548A9B8FB7275

Scan ID: {37E6E63A-3034-403C-9AEB-3297FC165C5E}

User: USER-548A9B8FB7\Owner

Name: %USER-548A9B8FB7271

ID: %USER-548A9B8FB7272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %USER-548A9B8FB7276

Alert Type: %USER-548A9B8FB7278

Detection Type: 1.1.1593.02

Event Record #/Type31478 / Warning
Event Submitted/Written: 05/07/2008 02:09:08 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%USER-548A9B8FB727 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %USER-548A9B8FB727 can't undo changes that you allow.

For more information please see the following:
%USER-548A9B8FB7275

Scan ID: {D7B449F6-6C5B-4BC2-A427-3C13E089B420}

User: USER-548A9B8FB7\Owner

Name: %USER-548A9B8FB7271

ID: %USER-548A9B8FB7272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %USER-548A9B8FB7276

Alert Type: %USER-548A9B8FB7278

Detection Type: 1.1.1593.02

Event Record #/Type31477 / Warning
Event Submitted/Written: 05/07/2008 02:09:08 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%USER-548A9B8FB727 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %USER-548A9B8FB727 can't undo changes that you allow.

For more information please see the following:
%USER-548A9B8FB7275

Scan ID: {5FFB1116-F20D-401C-AE75-302D2C75F433}

User: USER-548A9B8FB7\Owner

Name: %USER-548A9B8FB7271

ID: %USER-548A9B8FB7272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %USER-548A9B8FB7276

Alert Type: %USER-548A9B8FB7278

Detection Type: 1.1.1593.02

Event Record #/Type31476 / Warning
Event Submitted/Written: 05/07/2008 02:09:06 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%USER-548A9B8FB727 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %USER-548A9B8FB727 can't undo changes that you allow.

For more information please see the following:
%USER-548A9B8FB7275

Scan ID: {048F46CB-0739-4476-9CBA-223A86BA40E5}

User: USER-548A9B8FB7\Owner

Name: %USER-548A9B8FB7271

ID: %USER-548A9B8FB7272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %USER-548A9B8FB7276

Alert Type: %USER-548A9B8FB7278

Detection Type: 1.1.1593.02

Event Record #/Type31475 / Warning
Event Submitted/Written: 05/07/2008 02:09:06 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%USER-548A9B8FB727 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %USER-548A9B8FB727 can't undo changes that you allow.

For more information please see the following:
%USER-548A9B8FB7275

Scan ID: {6BFA02A3-4CD3-4C9D-B690-0E3B9F6D71ED}

User: USER-548A9B8FB7\Owner

Name: %USER-548A9B8FB7271

ID: %USER-548A9B8FB7272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %USER-548A9B8FB7276

Alert Type: %USER-548A9B8FB7278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-05-07 14:09:30 ------------
  • 0

#5
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean

Are you having any visible problems ?
  • 0

#6
J4ck

J4ck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi,

There are no visible problems anymore. I guess I got rid of it trying the self help techniques. Thanks again for looking through my logs. Any tips on cleaning up any other junk from the logs? Thanks again.

Jack
  • 0

#7
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Do this

You can delete the tools that we used


You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here



You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here:
http://www.adobe.com.../readstep2.html



Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen; click the More Options tab, then click Clean up in the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.




Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0
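The HOSTS-file blocking that the post above recommends (the MVPS list maps known ad and malware domains to 127.0.0.1 so the PC never connects to them) works because the resolver checks `%SystemRoot%\System32\drivers\etc\hosts` before asking DNS. The following is an added example, not code from the thread or from the MVPS project: a small parser for the hosts-file format plus a lookup that reports whether a name would be sunk to a local address. The file contents and every domain name in it are constructed for the example (reserved `.test` names, not real sites).

```python
"""Parse a hosts file and check which names it sinks to a local address.

Added example illustrating the MVPS-style blocklist mechanism; the sample
file below is constructed and uses reserved .test domain names.
"""
import ipaddress

# Constructed sample in hosts-file syntax (comments start with '#',
# several names may share one line, '0.0.0.0' is an alternative sinkhole).
SAMPLE_HOSTS = """\
# constructed sample hosts file for the example
127.0.0.1  localhost
127.0.0.1  ads.example-bad.test          # constructed entry
127.0.0.1  tracker.example-bad.test  cdn.example-bad.test
0.0.0.0    malware.example-bad.test      # some lists use 0.0.0.0 instead
#127.0.0.1 commented.example.test        # commented-out lines are ignored
::1        localhost
"""

# Addresses that point back at the local machine; a name mapped to one of
# these never reaches the network.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text):
    """Return {hostname: ip} for every name mapped in a hosts file.

    Comments and blank lines are skipped, several names per line are
    supported, names are lower-cased, and the first mapping for a name
    wins (the resolver also uses the first match it finds).
    """
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # an address with no names is meaningless
        try:
            ip = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue  # malformed address: skip the line
        for name in parts[1:]:
            mapping.setdefault(name.lower(), ip)
    return mapping


def is_blocked(hostname, mapping):
    """True if the hosts file sinks this exact name to a local address.

    'localhost' is mapped to 127.0.0.1 too, but that is the normal loopback
    entry, not a blocklist entry, so it is reported as not blocked.
    """
    name = hostname.rstrip(".").lower()
    if name == "localhost":
        return False
    return mapping.get(name) in SINKHOLE_ADDRESSES


def blocked_count(mapping):
    """Number of blocklist entries (sinkholed names other than localhost)."""
    return sum(
        1 for name, ip in mapping.items()
        if name != "localhost" and ip in SINKHOLE_ADDRESSES
    )


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    print(f"{blocked_count(hosts)} names sinkholed")
    for probe in ("ads.example-bad.test", "www.ads.example-bad.test"):
        print(f"{probe}: {'blocked' if is_blocked(probe, hosts) else 'not blocked'}")
```

The second probe shows the limitation a practitioner should keep in mind: a hosts file matches exact names only, so `www.ads.example-bad.test` is not covered by an entry for `ads.example-bad.test`, and a list like MVPS has to enumerate every variant it wants to block. A large hosts file also slows name lookup on XP's DNS Client service, which is why the MVPS instructions historically suggested disabling that service.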

#8
J4ck

J4ck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
:)

Thank you so much.. You are a legend

Jack :)
  • 0

#9
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0