Trojandownloader [CLOSED]


This topic is locked

#16 Trusoldier626 (Topic Starter, Member, 19 posts)
Here are the 2 logs you requested:

SmitFraudFix v2.320

Scan done at 7:23:05.10, Wed 05/21/2008
Run from C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\accesss.exe Deleted
C:\WINDOWS\astctl32.ocx Deleted
C:\WINDOWS\avpcc.dll Deleted
C:\WINDOWS\clrssn.exe Deleted
C:\WINDOWS\cpan.dll Deleted
C:\WINDOWS\loader.exe Deleted
C:\WINDOWS\mtwirl32.dll Deleted
C:\WINDOWS\notepad32.exe Deleted
C:\WINDOWS\time.exe Deleted
C:\WINDOWS\users32.exe Deleted
C:\WINDOWS\waol.exe Deleted
C:\WINDOWS\win64.exe Deleted
C:\WINDOWS\winajbm.dll Deleted
C:\WINDOWS\window.exe Deleted
C:\WINDOWS\winmgnt.exe Deleted
C:\WINDOWS\xplugin.dll Deleted
C:\WINDOWS\xxxvideo.hta Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6F3C6712-3164-4271-BC8C-A96530F7C445}: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8D0AD287-33FE-48B6-B7FA-EEE3CB007728}: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8D0AD287-33FE-48B6-B7FA-EEE3CB007728}: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6F3C6712-3164-4271-BC8C-A96530F7C445}: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CS2\Services\Tcpip\..\{8D0AD287-33FE-48B6-B7FA-EEE3CB007728}: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CS3\Services\Tcpip\..\{6F3C6712-3164-4271-BC8C-A96530F7C445}: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8D0AD287-33FE-48B6-B7FA-EEE3CB007728}: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.74.162 68.87.68.162


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
Malwarebytes' Anti-Malware 1.12
Database version: 760

Scan type: Quick Scan
Objects scanned: 46146
Time elapsed: 5 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#17 sage5 (Retired Staff, RIP 10/2009, 2,646 posts)
That's looking very good.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available, otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
    • Click OK.
    • Now under Select a target to scan:
      • My Computer
  • The program will start and scan your system. It will take a while, so be patient and let it run.
  • Once the scan is complete it will display whether your system has been infected.
  • Now click on the Save as Text button.
  • Save the file as C:\scan.txt.

You don't appear to be running a 3rd party firewall. These are essential to protect from trojans, viruses, spyware etc.

You should check out Comodo Firewall Pro or Sunbelt Personal Firewall.

User manuals are available for both:
Comodo's manual is built in and accessible from the Help menu.

Sunbelt Manual Here

Both are simple to install and free to use.
Please install only 1.

I need you to post me a fresh HijackThis log to confirm correct installation of the Firewall.
Also please include the text from C:\scan.txt.

Cheers,

sage5

#18 Trusoldier626 (Topic Starter, Member, 19 posts)
Here are the 2 logs you requested.


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, May 21, 2008 6:19:58 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 21/05/2008
Kaspersky Anti-Virus database records: 791626
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 43249
Number of viruses found: 5
Number of infected objects: 13
Number of suspicious objects: 0
Duration of the scan process: 01:09:44

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\comodo\Firewall Pro\cfplogdb.sdb Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Application Data\AIMPro\log\apExtCmp.log Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-5-21-2008( 14-48-54 ).LOG Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Desktop\download installs\151897.exe/WISE0013.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Desktop\download installs\151897.exe/WISE0014.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Desktop\download installs\151897.exe WiseSFX: infected - 2 skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Desktop\download installs\151897.exe WiseSFXDropper: infected - 2 skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Desktop\download installs\BearShareV6.exe/WISE0044.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Desktop\download installs\BearShareV6.exe/WISE0044.BIN/stream Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Desktop\download installs\BearShareV6.exe/WISE0044.BIN Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Desktop\download installs\BearShareV6.exe WiseSFX: infected - 3 skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Desktop\download installs\BearShareV6.exe WiseSFXDropper: infected - 3 skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Desktop\SmitfraudFix.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Desktop\SmitfraudFix.exe RAR: infected - 1 skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Local Settings\Application Data\Google\Google Desktop\bd9d91c09e4b\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Local Settings\Application Data\Google\Google Desktop\bd9d91c09e4b\dbdam Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Local Settings\Application Data\Google\Google Desktop\bd9d91c09e4b\dbdao Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Local Settings\Application Data\Google\Google Desktop\bd9d91c09e4b\dbeam Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Local Settings\Application Data\Google\Google Desktop\bd9d91c09e4b\dbeao Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Local Settings\Application Data\Google\Google Desktop\bd9d91c09e4b\dbm Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Local Settings\Application Data\Google\Google Desktop\bd9d91c09e4b\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Local Settings\Application Data\Google\Google Desktop\bd9d91c09e4b\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Local Settings\Application Data\Google\Google Desktop\bd9d91c09e4b\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Local Settings\Application Data\Google\Google Desktop\bd9d91c09e4b\fii.cf1 Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Local Settings\Application Data\Google\Google Desktop\bd9d91c09e4b\fiih.ht1 Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Local Settings\Application Data\Google\Google Desktop\bd9d91c09e4b\hp Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Local Settings\Application Data\Google\Google Desktop\bd9d91c09e4b\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Local Settings\Application Data\Google\Google Desktop\bd9d91c09e4b\rpm.cf1 Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Local Settings\Application Data\Google\Google Desktop\bd9d91c09e4b\rpm1m.cf1 Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Local Settings\Application Data\Google\Google Desktop\bd9d91c09e4b\rpm1mh.ht1 Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Local Settings\Application Data\Google\Google Desktop\bd9d91c09e4b\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Local Settings\Application Data\Google\Google Desktop\bd9d91c09e4b\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Local Settings\Application Data\Google\Google Desktop\bd9d91c09e4b\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Local Settings\Application Data\Google\Google Desktop\bd9d91c09e4b\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Local Settings\Application Data\Google\Google Desktop\bd9d91c09e4b\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Local Settings\Application Data\Google\Google Desktop\bd9d91c09e4b\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Local Settings\Application Data\Google\Google Desktop\bd9d91c09e4b\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Local Settings\Application Data\Google\Google Desktop\bd9d91c09e4b\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Local Settings\Application Data\Google\Google Desktop\bd9d91c09e4b\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Local Settings\History\History.IE5\MSHist012008052120080522\index.dat Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Local Settings\Temp\Perflib_Perfdata_6a8.dat Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Local Settings\Temp\trace.txt Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Local Settings\Temp\tricon-aol.txt Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Local Settings\Temp\~DF1209.tmp Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Local Settings\Temp\~DF6749.tmp Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\ntuser.dat Object is locked skipped
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\NTUSER.DAT.LOG Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\billing_TruSoldier.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\client_TruSoldier.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\network_TruSoldier.log Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\default.htm.vir Infected: not-virus:Hoax.HTML.Secureinvites.b skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{C9B2C2FA-6C83-4FB8-AF82-2667CF547F58}\RP6\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.



AND


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:24:11 PM, on 5/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\AIM\AIM Pro\aimpro.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.198.1.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [QdrModule16] "C:\Program Files\QdrModule\QdrModule16.exe"
O4 - HKCU\..\Run: [QdrPack16] "C:\Program Files\QdrPack\QdrPack16.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsu...asp/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.2.2.89.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)

--
End of file - 7434 bytes

#19 sage5 (Retired Staff, RIP 10/2009, 2,646 posts)
Hi Trusoldier626,

Just a couple of small deletions remain:

Run HijackThis.
  • Click the Do a system scan only button.
  • Check the boxes for all the entries listed below:
O4 - HKCU\..\Run: [QdrModule16] "C:\Program Files\QdrModule\QdrModule16.exe"
O4 - HKCU\..\Run: [QdrPack16] "C:\Program Files\QdrPack\QdrPack16.exe"

  • Now close all windows other than HijackThis and click Fix Checked.
  • Close HijackThis.


Try to delete the following:
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Desktop\download installs\151897.exe
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Desktop\download installs\BearShareV6.exe

If you run into any opposition, restart in Safe Mode and retry.


Run Deckard's System Scanner:
  • Go to Start > Run and type or paste "%userprofile%\desktop\dss.exe" /config
  • In the Modules window click the Check All button
  • Click the Scan! button
  • Scans will run, and 2 text files will open in Notepad.
  • Paste the text from both files into your next reply.


Cheers,

sage5
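As an added example (not part of HijackThis, or of any tool posted in this thread), the following Python script parses HijackThis v2 logs and diffs the entries between the log taken before and the one taken after "Fix Checked", so a helper can confirm that the two Qdr lines above are really gone rather than eyeballing a fresh log. The two log excerpts in the script are constructed, shortened versions of the logs posted in this thread.

```python
"""Added example for this thread (not part of HijackThis or of any tool
posted above): parse Trend Micro HijackThis v2 logs and diff their
'Rn'/'On' entries between the scan before and the scan after a
"Fix Checked", to confirm that the lines the helper asked to remove are
really gone. LOG_BEFORE and LOG_AFTER are constructed, shortened
excerpts of the logs posted in the thread."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    """One HijackThis finding, e.g. kind="O4", body="HKCU\\..\\Run: [swg] ..."."""
    kind: str
    body: str

    @property
    def line(self) -> str:
        return f"{self.kind} - {self.body}"


# "O4 - HKCU\..\Run: [QdrPack16] ..."  ->  kind "O4", body = text after " - "
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Body of an O4 registry autostart entry: HIVE\..\Run: [Name] command
O4_RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] ?(?P<cmd>.*)$")

# Constructed excerpt modelled on the HijackThis log posted before the fix.
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:24:11 PM, on 5/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.198.1.1
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [QdrModule16] "C:\Program Files\QdrModule\QdrModule16.exe"
O4 - HKCU\..\Run: [QdrPack16] "C:\Program Files\QdrPack\QdrPack16.exe"
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
"""

# Constructed excerpt modelled on the fresh log posted after "Fix Checked".
LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:55 AM, on 5/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\TRUSOL~1.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.198.1.1
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
"""

# The two lines the helper asked to tick and "Fix Checked".
FIX_LINES = [
    r'O4 - HKCU\..\Run: [QdrModule16] "C:\Program Files\QdrModule\QdrModule16.exe"',
    r'O4 - HKCU\..\Run: [QdrPack16] "C:\Program Files\QdrPack\QdrPack16.exe"',
]


def parse_hjt_log(text: str) -> list[Entry]:
    """Extract the Rn/On findings; the header and process list do not match."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["kind"], m["body"]))
    return entries


def run_entries(entries: list[Entry]) -> dict[tuple[str, str], str]:
    """Map (hive, autostart name) -> command for O4 registry Run entries."""
    out = {}
    for e in entries:
        if e.kind == "O4" and (m := O4_RUN_RE.match(e.body)):
            out[(m["hive"], m["name"])] = m["cmd"]
    return out


def diff_logs(before_text: str, after_text: str) -> tuple[list[str], list[str]]:
    """Return (removed, added) finding lines between two scans of one machine."""
    before = {e.line for e in parse_hjt_log(before_text)}
    after = {e.line for e in parse_hjt_log(after_text)}
    return sorted(before - after), sorted(after - before)


def still_present(after_text: str, fixed_lines: list[str]) -> list[str]:
    """Lines that were meant to be fixed but still show up in the fresh log."""
    after = {e.line for e in parse_hjt_log(after_text)}
    return [l for l in fixed_lines if l.strip() in after]


if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("Removed since previous scan:", *removed, sep="\n  ")
    print("New since previous scan:", *(added or ["(none)"]), sep="\n  ")
    leftovers = still_present(LOG_AFTER, FIX_LINES)
    print("Fix confirmed" if not leftovers else f"Still present: {leftovers}")
```

Any line in the "new" list is worth a second look, since autostart entries that reappear after a fix are a common sign that a dropper is still active.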

#20 Trusoldier626 (Topic Starter, Member, 19 posts)
Sorry it took so long, I was out of town. Here are the logs:


Deckard's System Scanner v20071014.68
Run by TruSoldier on 2008-05-25 00:40:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
10: 2008-05-25 04:40:32 UTC - RP10 - Deckard's System Scanner Restore Point
9: 2008-05-24 18:58:17 UTC - RP9 - System Checkpoint
8: 2008-05-23 18:25:53 UTC - RP8 - System Checkpoint
7: 2008-05-22 17:26:59 UTC - RP7 - System Checkpoint
6: 2008-05-21 16:55:46 UTC - RP6 - System Checkpoint


-- First Restore Point --
1: 2008-05-19 15:06:02 UTC - RP1 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as TruSoldier.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:55 AM, on 5/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\AIM\AIM Pro\aimpro.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\TRUSOL~1.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.198.1.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsu...asp/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.2.2.89.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)

--
End of file - 7430 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080525-003526-210 O4 - HKCU\..\Run: [QdrModule16] "C:\Program Files\QdrModule\QdrModule16.exe"
backup-20080525-003526-413 O4 - HKCU\..\Run: [QdrPack16] "C:\Program Files\QdrPack\QdrPack16.exe"

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S1 StyleXPHelper - c:\program files\tgtsoft\stylexp\stylexphelper.exe (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 StyleXPService - "c:\program files\tgtsoft\stylexp\stylexpservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 576)
2008-05-21 07:52:09 294912 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>
2006-07-01 20:56:20 3584 --a----c- C:\WINDOWS\system32\WgaLogon.dll

C:\WINDOWS\explorer.exe (pid 1188)
2006-07-05 08:29:26 6144 --a----c- C:\Program Files\Yahoo!\Messenger\idle.dll <Not Verified; Yahoo! Inc.; Yahoo! Inc. idle>
2008-05-21 07:52:09 77824 --a------ C:\Program Files\SUPERAntiSpyware\SASSEH.DLL <Not Verified; SuperAdBlocker.com; SuperAntiSpyware>


-- Files created between 2008-04-25 and 2008-05-25 -----------------------------

2008-05-21 15:33:25 0 d-------- C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Application Data\Comodo
2008-05-21 15:33:23 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\comodo
2008-05-21 15:33:22 0 d-------- C:\Program Files\COMODO
2008-05-21 15:29:13 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-05-21 15:29:12 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-19 13:13:21 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2008-05-19 11:18:42 68096 --a------ C:\WINDOWS\zip.exe
2008-05-19 11:18:42 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-19 11:18:42 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-19 11:18:42 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-19 11:18:42 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-19 11:18:42 98816 --a------ C:\WINDOWS\sed.exe
2008-05-19 11:18:42 80412 --a------ C:\WINDOWS\grep.exe
2008-05-19 11:18:42 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-18 22:59:52 2719744 --a------ C:\Documents and Settings\TruSoldier.HOME-07CA65A179\ntuser.dat
2008-05-17 23:57:43 1516 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-17 23:57:06 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-17 23:57:06 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-17 23:57:06 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-17 23:57:06 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-17 23:57:06 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-17 23:57:06 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-17 23:57:06 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-17 23:57:05 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-17 23:34:40 0 d-------- C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Application Data\Malwarebytes
2008-05-17 23:34:36 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-17 23:34:36 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-05-17 23:32:09 0 d-------- C:\Documents and Settings\TruSoldier.HOME-07CA65A179\OTScanIt
2008-05-17 21:50:02 0 d-------- C:\Program Files\Trend Micro
2008-05-17 21:48:27 0 d-------- C:\Program Files\ispfix
2008-05-17 18:09:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-05-17 18:08:25 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-05-17 18:08:25 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-17 18:08:25 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-05-17 18:08:25 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-17 18:08:25 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-17 18:08:24 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-17 18:08:24 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-17 18:08:24 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-17 18:08:24 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-05-17 18:08:24 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-17 18:08:24 524288 --ah----- C:\Documents and Settings\Administrator\ntuser.dat
2008-05-17 18:08:24 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-17 18:08:24 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-05-17 18:08:24 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-17 16:54:36 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-05-17 16:54:21 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-17 16:54:21 0 d-------- C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Application Data\SUPERAntiSpyware.com
2008-05-17 16:54:04 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-17 15:54:52 24576 --a------ C:\WINDOWS\svcinit.exe
2008-05-17 15:54:52 30976 --a------ C:\WINDOWS\sistem.exe
2008-05-17 15:54:52 13824 --a------ C:\WINDOWS\searchword.dll
2008-05-17 15:54:51 18432 --a------ C:\WINDOWS\quicken.exe
2008-05-17 15:54:51 25088 --a------ C:\WINDOWS\qttasks.exe
2008-05-17 15:54:50 14336 --a------ C:\WINDOWS\mswsc20.dll
2008-05-17 15:54:50 15872 --a------ C:\WINDOWS\mswsc10.dll
2008-05-17 15:54:50 30464 --a------ C:\WINDOWS\msupdate.exe
2008-05-17 15:54:49 28928 --a------ C:\WINDOWS\mssys.exe
2008-05-17 15:54:49 15104 --a------ C:\WINDOWS\msspi.dll
2008-05-17 15:54:49 27392 --a------ C:\WINDOWS\msconfd.dll
2008-05-17 15:54:49 13824 --a------ C:\WINDOWS\internet.exe
2008-05-17 15:54:49 10496 --a------ C:\WINDOWS\inetinf.exe
2008-05-17 15:54:48 21248 --a------ C:\WINDOWS\helpcvs.exe
2008-05-17 15:54:48 29696 --a------ C:\WINDOWS\gfmnaaa.dll
2008-05-17 15:54:48 29952 --a------ C:\WINDOWS\funny.exe
2008-05-17 15:54:47 26624 --a------ C:\WINDOWS\funniest.exe
2008-05-17 15:54:46 32000 --a------ C:\WINDOWS\editpad.exe
2008-05-17 15:54:46 22272 --a------ C:\WINDOWS\dnsrelay.dll
2008-05-17 15:54:46 25088 --a------ C:\WINDOWS\directx32.exe
2008-05-17 15:54:46 22016 --a------ C:\WINDOWS\ctrlpan.dll
2008-05-17 15:54:45 32512 --a------ C:\WINDOWS\ctfmon32.exe
2008-05-17 15:49:33 10059 --a------ C:\startup.exe
2008-05-17 15:48:41 0 d-------- C:\WINDOWS\system32\dFrnx06
2008-05-17 15:48:41 0 d-------- C:\Temp
2008-05-17 15:48:10 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-05-03 11:50:37 0 d-------- C:\Program Files\Three Rings Design
2008-05-02 18:11:10 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
2008-05-02 18:11:05 0 d-------- C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Application Data\Google
2008-05-02 18:09:51 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
2008-05-02 18:09:44 0 d-------- C:\Program Files\Google
2008-05-01 06:41:15 0 d-------- C:\Program Files\ConnectUO Desktop


-- Find3M Report ---------------------------------------------------------------

2008-05-24 11:16:46 0 d-------- C:\Program Files\Blaze Media Pro
2008-05-21 16:54:51 0 d-------- C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Application Data\Adobe
2008-05-17 16:54:04 0 d-------- C:\Program Files\Common Files
2008-05-17 15:58:44 0 d-------- C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Application Data\AVG7
2008-05-17 15:51:25 0 d-------- C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Application Data\Azureus
2008-05-03 11:50:12 0 d-------- C:\Program Files\Java
2008-05-02 16:39:01 0 d-------- C:\Program Files\Razor
2008-05-02 16:37:12 0 d-------- C:\Program Files\Real
2008-04-23 23:43:57 0 d-------- C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Application Data\Real
2008-04-11 23:38:56 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-11 23:38:56 0 d-------- C:\Program Files\EA Games
2008-04-11 23:38:41 0 d-------- C:\Program Files\Common Files\InstallShield


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [08/20/2004 03:55 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [08/20/2004 03:51 PM]
"AIMPro"="C:\Program Files\AIM\AIM Pro\aimpro.exe" [07/18/2006 08:11 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/15/2008 08:31 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/25/2006 08:14 PM]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [11/10/2003 04:06 PM]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 01:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.exe" [01/28/2002 12:48 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [05/02/2008 06:10 PM]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [05/21/2008 03:33 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [07/05/2006 08:29 AM]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/03/2008 01:53 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/21/2008 07:52 AM]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [4/28/2008 11:20:00 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/21/2008 07:52 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 05/21/2008 07:52 AM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,




-- End of Deckard's System Scanner: finished at 2008-05-25 00:42:48 ------------

and the 2nd

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.93GHz
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 759.48 MiB / 385.5 MiB
Pagefile Memory (total/avail): 2229.18 MiB / 1853.25 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1914.33 MiB

C: is Fixed (NTFS) - 149.05 GiB total, 73.82 GiB free.
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3160023A - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.05 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
UpdatesDisableNotify is set.
AntivirusOverride is set.
FirewallOverride is set.

FW: COMODO Firewall Pro v3.0 (COMODO)
AV: AVG 7.5.524 v7.5.524 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\AIM\\AIM Pro\\aimpro.exe"="C:\\Program Files\\AIM\\AIM Pro\\aimpro.exe:*:Enabled:AIM Pro"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\EA Games\\Ultima Online Mondain's Legacy\\client.exe"="C:\\Program Files\\EA Games\\Ultima Online Mondain's Legacy\\client.exe:*:Disabled:Ultima Online Client"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME-07CA65A179
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\TruSoldier.HOME-07CA65A179
LOGONSERVER=\\HOME-07CA65A179
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\TRUSOL~1.HOM\LOCALS~1\Temp
TMP=C:\DOCUME~1\TRUSOL~1.HOM\LOCALS~1\Temp
USERDOMAIN=HOME-07CA65A179
USERNAME=TruSoldier
USERPROFILE=C:\Documents and Settings\TruSoldier.HOME-07CA65A179
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

TruSoldier.HOME-07CA65A179 (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
AIM Pro --> MsiExec.exe /X{D3A04D2F-28C4-4D9C-8487-DAB75992AE09}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Blaze Media Pro --> "C:\Documents and Settings\All Users.WINDOWS\Application Data\{4C2CB1B6-C45E-4307-ACEE-27BE65138599}\setup_blazemp.exe" REMOVE=TRUE MODIFY=FALSE
COMODO Firewall Pro --> C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
ConnectUO Desktop --> MsiExec.exe /I{43C817DE-8C05-4792-89FE-C818BADA28D3}
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
IGN Download Manager 2.2.2 --> C:\Program Files\IGN\Download Manager\uninst.exe
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Lexmark Supplies Monitor --> C:\WINDOWS\system32\LXSMUNIN.EXE
Lexmark Z25-Z35 --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXAXUN5C.EXE -dLexmark Z25-Z35
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Puzzle Pirates --> C:\Program Files\Three Rings Design\Puzzle Pirates\Uninstall-yohoho.exe
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StyleXP (remove only) --> "C:\Program Files\TGTSoft\StyleXP\StyleXP-uninstall.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Themexp.org File --> C:\PROGRA~1\themexp\THEMEX~1.ORG\UNWISE.EXE C:\PROGRA~1\themexp\THEMEX~1.ORG\INSTALL.LOG
Theorica Divx ;-) Codecs (remove only) --> C:\Program Files\Theorica Divx ;-) Codecs\Uninstall.exe
Ultima Online: Mondain's Legacy --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF7B213D-2065-41ED-BB51-7A3EED31EA7B}\setup.exe" -l0x9 -removeonly
VideoLAN VLC media player 0.8.4a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip 11.2 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type595 / Error
Event Submitted/Written: 05/21/2008 08:32:02 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type594 / Error
Event Submitted/Written: 05/21/2008 08:32:00 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type590 / Error
Event Submitted/Written: 05/21/2008 04:54:28 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module flash9.ocx, version 9.0.16.0, fault address 0x0010e642.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type588 / Error
Event Submitted/Written: 05/21/2008 03:30:05 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type572 / Error
Event Submitted/Written: 05/19/2008 04:57:30 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x02b59350.
Processing media-specific event for [iexplore.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3328 / Error
Event Submitted/Written: 05/24/2008 03:19:51 PM
Event ID/Source: 8032 / BROWSER
Event Description:
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{6F3C6712-3164-4271-BC8C-A96530F7C445}.
The backup browser is stopping.

Event Record #/Type3327 / Warning
Event Submitted/Written: 05/24/2008 03:16:26 PM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\NICHOLAS on the network \Device\NetBT_Tcpip_{6F3C6712-3164-4271-BC8C-A96530F7C445}.
The data is the error code.

Event Record #/Type3307 / Error
Event Submitted/Written: 05/24/2008 02:38:15 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
StyleXPHelper

Event Record #/Type3306 / Error
Event Submitted/Written: 05/24/2008 02:38:13 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The StyleXPService service failed to start due to the following error:
%%2

Event Record #/Type3303 / Warning
Event Submitted/Written: 05/24/2008 10:40:30 AM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of "Xprt Message Window"



-- End of Deckard's System Scanner: finished at 2008-05-25 00:42:48 ------------

#21
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi Trusoldier626,

I see you have Azureus installed on your system.
While the program itself is legal, most of the files downloaded with it are not.
These programs can also be one of the major infection routes for an otherwise secure PC, because you might be unknowingly downloading infected files.
I highly recommend uninstalling Azureus as outlined below.


Remove folders & files:
  • Please go to Start > Control Panel > Add/Remove Programs and remove the following, (if present):
    Azureus
    J2SE Runtime Environment 5.0 Update 7

    Please take note of any other programs that you don't recognise in that list, and include them in your next response.

Create a ComboFix Script:
  • Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.
  • Now copy/paste the entire content of the codebox below into the Notepad window:
File::
C:\WINDOWS\svcinit.exe
C:\WINDOWS\sistem.exe
C:\WINDOWS\searchword.dll
C:\WINDOWS\quicken.exe
C:\WINDOWS\qttasks.exe
C:\WINDOWS\mswsc20.dll
C:\WINDOWS\mswsc10.dll
C:\WINDOWS\msupdate.exe
C:\WINDOWS\mssys.exe
C:\WINDOWS\msspi.dll
C:\WINDOWS\msconfd.dll
C:\WINDOWS\internet.exe
C:\WINDOWS\inetinf.exe
C:\WINDOWS\helpcvs.exe
C:\WINDOWS\gfmnaaa.dll
C:\WINDOWS\funny.exe
C:\WINDOWS\funniest.exe
C:\WINDOWS\editpad.exe
C:\WINDOWS\dnsrelay.dll
C:\WINDOWS\directx32.exe
C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\ctfmon32.exe
C:\startup.exe
C:\WINDOWS\system32\hljwugsf.bin

Folder::
C:\WINDOWS\system32\dFrnx06
C:\Program Files\Azureus
C:\Documents and Settings\TruSoldier.HOME-07CA65A179\Application Data\Azureus

  • Save the above as CFScript.txt
  • Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
    Posted Image
  • After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

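A triage helper for the DSS "Files created" listing posted above, added here as an example (it is not code from this thread, from Deckard's System Scanner or from ComboFix). It clusters new files by creation time to surface the drop burst behind the File:: list in the reply, shows that ComboFix's own tool drop clusters the same way, and renders an analyst-chosen cluster as a CFScript. The 600-second gap and 5-file threshold are assumed heuristics, the sample lines are a subset of the log above, and the Azureus folder path is taken from the reply.

```python
"""Triage helper for a Deckard's System Scanner (DSS) "Files created" listing.

Added example for this thread; not code from Geeks to Go, DSS or ComboFix.
Clusters entries whose creation times lie within a short gap and reports clusters
holding several executables: a burst of unsigned *.exe/*.dll files dropped straight
into C:\\WINDOWS within seconds is the pattern behind the File:: list in the reply.
Legitimate tool drops (SmitfraudFix, ComboFix) cluster the same way, so clusters
are review candidates, not verdicts; the analyst picks one to render as a CFScript.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime

# DSS line layout: "<date> <time> <size> <attrs> <path>[ <version info>]"
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S{9})\s+(.+?)(?:\s+<[^>]*>)?$"
)
EXEC_EXT = (".exe", ".dll", ".ocx", ".sys", ".bin")

@dataclass(frozen=True)
class Entry:
    created: datetime
    size: int
    attrs: str   # DSS attribute flags, e.g. "d--------" or "--a------"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def is_executable(self) -> bool:
        return not self.is_dir and self.path.lower().endswith(EXEC_EXT)

def parse_dss(text: str) -> list[Entry]:
    """Parse DSS 'Files created' lines; lines that do not match are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            ts, size, attrs, path = m.groups()
            entries.append(Entry(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                                 int(size), attrs, path))
    return entries

def cluster_by_gap(entries: list[Entry], max_gap_s: int = 600) -> list[list[Entry]]:
    """Group entries so consecutive creation times never differ by more than max_gap_s."""
    clusters: list[list[Entry]] = []
    for e in sorted(entries, key=lambda x: x.created):
        if clusters and (e.created - clusters[-1][-1].created).total_seconds() <= max_gap_s:
            clusters[-1].append(e)
        else:
            clusters.append([e])
    return clusters

def drop_bursts(entries: list[Entry], min_files: int = 5) -> list[list[Entry]]:
    """Clusters with at least min_files executables, oldest first: candidates for review."""
    return [c for c in cluster_by_gap(entries)
            if sum(e.is_executable for e in c) >= min_files]

def to_cfscript(cluster: list[Entry], extra_folders: tuple[str, ...] = ()) -> str:
    """Render one analyst-approved cluster as ComboFix File::/Folder:: sections."""
    files = [e.path for e in cluster if not e.is_dir]
    folders = [e.path for e in cluster if e.is_dir] + list(extra_folders)
    return "File::\n" + "\n".join(files) + "\n\nFolder::\n" + "\n".join(folders) + "\n"

# Constructed sample: a subset of the "Files created" section in the log above.
SAMPLE_DSS = r"""
2008-05-19 11:18:42 68096 --a------ C:\WINDOWS\zip.exe
2008-05-19 11:18:42 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-19 11:18:42 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-19 11:18:42 98816 --a------ C:\WINDOWS\sed.exe
2008-05-19 11:18:42 80412 --a------ C:\WINDOWS\grep.exe
2008-05-17 16:54:21 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-17 15:54:52 24576 --a------ C:\WINDOWS\svcinit.exe
2008-05-17 15:54:52 30976 --a------ C:\WINDOWS\sistem.exe
2008-05-17 15:54:52 13824 --a------ C:\WINDOWS\searchword.dll
2008-05-17 15:54:50 30464 --a------ C:\WINDOWS\msupdate.exe
2008-05-17 15:54:46 22272 --a------ C:\WINDOWS\dnsrelay.dll
2008-05-17 15:54:45 32512 --a------ C:\WINDOWS\ctfmon32.exe
2008-05-17 15:49:33 10059 --a------ C:\startup.exe
2008-05-17 15:48:41 0 d-------- C:\WINDOWS\system32\dFrnx06
2008-05-17 15:48:10 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
"""

if __name__ == "__main__":
    bursts = drop_bursts(parse_dss(SAMPLE_DSS))
    for burst in bursts:  # both the trojan drop and ComboFix's own tool drop show up
        execs = [e for e in burst if e.is_executable]
        print(f"{burst[0].created:%Y-%m-%d %H:%M:%S}: {len(execs)} executables, "
              f"first {execs[0].path}")
    print(to_cfscript(bursts[0], (r"C:\Program Files\Azureus",)))
```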

#22
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.