Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Red circle with white x, and other nasties. Please help me remove them

Started by Cnt-Face , Jun 29 2008 12:57 PM

  • Please log in to reply

#1
Cnt-Face
Posted 29 June 2008 - 12:57 PM

Cnt-Face

    New Member

  • Member
  • Pip
  • 4 posts
Went on a week vacation, came back, and my PC was in shambles. This red x issue is one of a few. But let's start there. Here's my HijackThis log.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:50:32 PM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe ,
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32NtLmSsp clr_optimization_v2.0.50727_32NtLmSsphelpsvc (clr_optimization_v2.0.50727_32NtLmSsphelpsvc) - Unknown owner - C:\WINDOWS\system32\12520850j.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Print Spooler SpoolerTermService (SpoolerTermService) - Unknown owner - C:\WINDOWS\system32\amcompata.exe
O23 - Service: SSDP Discovery Service SSDPSRVUPS (SSDPSRVUPS) - Unknown owner - C:\WINDOWS\system32\activedsf.exe
O23 - Service: Distributed Link Tracking Client TrkWksRpcSs (TrkWksRpcSs) - Unknown owner - C:\WINDOWS\system32\3ivxVfWCodecy.exe
O23 - Service: Volume Shadow Copy VSSImapiService (VSSImapiService) - Unknown owner - C:\WINDOWS\system32\acleditx.exe
O23 - Service: Windows Management Instrumentation Driver Extensions WmiMSDTC (WmiMSDTC) - Unknown owner - C:\WINDOWS\system32\ac3acmmy.exe (file missing)

--
End of file - 4100 bytes
  • 0

Advertisements

#2
kahdah
Posted 29 June 2008 - 01:20 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello Cnt-Face

Welcome to G2Go. :)
=====================
Download SDFix and save it to your Desktop.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. (If it will not run then right click on Sdfix and rename it to Sd-Fix then try to run it again.)
Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log

  • 0

#3
Cnt-Face
Posted 29 June 2008 - 02:12 PM

Cnt-Face

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Could someone please help me by telling me which of these things from the HijackThis log I can get rid of.
  • 0

#4
kahdah
Posted 29 June 2008 - 02:13 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Fixingthings in Hijackthis will not help right now please see my previous post.
  • 0

#5
Cnt-Face
Posted 29 June 2008 - 03:06 PM

Cnt-Face

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
SDFix: Version 1.198
Run by Christine on Sun 06/29/2008 at 04:46 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
lanmandrv
VBI72

Path :

lanmandrv - Deleted
VBI72 - Deleted



Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Service asc3550p - Deleted

Checking Files :

Trojan Files Found:

C:\Documents and Settings\Christine\Application Data\Install.dat - Deleted
C:\WINDOWS\SYSTEM32\125208~1.EXE - Deleted
C:\WINDOWS\SYSTEM32\A3DX.EXE - Deleted
C:\WINDOWS\SYSTEM32\AHUIQ.EXE - Deleted
C:\WINDOWS\SYSTEM32\2052K.DLL - Deleted
C:\WINDOWS\SYSTEM32\AC3ACMM.DLL - Deleted
C:\WINDOWS\SYSTEM32\ADVAPI~1.DLL - Deleted
C:\WINDOWS\system32\dllgh8jkd1q8.exe - Deleted
C:\WINDOWS\nivavir.config - Deleted
C:\WINDOWS\system32\braviax.exe - Deleted
C:\WINDOWS\system32\qmopt.dll - Deleted
C:\WINDOWS\system32\ntos.exe - Deleted
C:\WINDOWS\system32\WLCtrl32.dll - Deleted
C:\WINDOWS\system32\drivers\VBI72.sys - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 17:01:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:fe9f239b
"s2"=dword:1e2a8870
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:08,de,f9,15,7e,46,e9,a7,23,1a,a7,c4,13,18,2a,93,89,94,03,9e,62,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:21,cb,fa,b9,9a,a4,b3,a5,e4,fc,d2,8e,1e,e6,27,cd,e4,63,28,e7,a8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:08,de,f9,15,7e,46,e9,a7,23,1a,a7,c4,13,18,2a,93,89,94,03,9e,62,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:21,cb,fa,b9,9a,a4,b3,a5,e4,fc,d2,8e,1e,e6,27,cd,e4,63,28,e7,a8,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\Last.fm\\LastFM.exe"="C:\\Program Files\\Last.fm\\LastFM.exe:*:Enabled:Last.fm"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:ęTorrent"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\\WINDOWS\\kavir.exe"="C:\\WINDOWS\\kavir.exe:*:Enabled:enable"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\WINDOWS\\TEMP\\rld7.tmp"="C:\\WINDOWS\\TEMP\\rld7.tmp:*:Enabled:717D075B486A1739"
"C:\\WINDOWS\\TEMP\\rld34.tmp"="C:\\WINDOWS\\TEMP\\rld34.tmp:*:Enabled:717D075B486A1739"
"C:\\WINDOWS\\TEMP\\rldD.tmp"="C:\\WINDOWS\\TEMP\\rldD.tmp:*:Enabled:717D075B486A1739"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 17 Oct 2006 622,080 A.SH. --- "C:\Program Files\Internet Explorer\iexplore.exe"
Tue 3 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Sat 12 Apr 2008 37,888 ..SHR --- "C:\WINDOWS\system32\1042h.exe"
Sat 12 Apr 2008 37,888 ..SHR --- "C:\WINDOWS\system32\3ivxVfWCodecy.exe"
Sat 12 Apr 2008 37,888 ..SHR --- "C:\WINDOWS\system32\acleditx.exe"
Sat 12 Apr 2008 37,888 ..SHR --- "C:\WINDOWS\system32\activedsf.exe"
Sat 12 Apr 2008 37,888 ..SHR --- "C:\WINDOWS\system32\alrsvcn.exe"
Fri 11 Apr 2008 37,888 ..SHR --- "C:\WINDOWS\system32\amcompata.exe"
Fri 11 Apr 2008 37,888 ..SHR --- "C:\WINDOWS\system32\amstreamy.exe"
Sat 24 May 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 14 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 15 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0f66ac0b7ccd71faf6da904f29228240\BIT133.tmp"
Mon 15 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\10f6872bbc91a277e1a9f6fed17525ba\BIT12F.tmp"
Mon 15 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\37e5b122079a0c7ba85fcc8ce8310ad8\BIT138.tmp"
Mon 15 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3ea50177a2be10fb0bceff8dd2031cad\BIT12A.tmp"
Mon 15 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3f4a1c441b883836dd798a58e2267c01\BIT13C.tmp"
Mon 15 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4c3676a8145aee7e1ea794fa1e50e6bf\BIT12D.tmp"
Mon 15 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4f4012d60daff369f73873817164328b\BIT12E.tmp"
Mon 15 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a877011d990fb4875b54ce0706b47f90\BIT112.tmp"
Mon 15 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab59ac72525ea90a47679441587835c9\BIT2.tmp"
Mon 15 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c810b29b22044bd72df654fd63ee0af2\BIT135.tmp"
Mon 15 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ca5637d04d95ed9d000d812508931a7b\BIT141.tmp"
Mon 15 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\dc6733dab87a46fa9320681df7d8d3c5\BIT131.tmp"
Mon 15 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e995acae9f2591ac009a4ad305efa874\BIT130.tmp"
Mon 15 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\BIT139.tmp"
Mon 15 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f54d9f16cafb3a043d81262b001f62f8\BIT13E.tmp"

Finished!



New HijackThis Log:



SDFix: Version 1.198
Run by Christine on Sun 06/29/2008 at 04:46 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
lanmandrv
VBI72

Path :

lanmandrv - Deleted
VBI72 - Deleted



Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Service asc3550p - Deleted

Checking Files :

Trojan Files Found:

C:\Documents and Settings\Christine\Application Data\Install.dat - Deleted
C:\WINDOWS\SYSTEM32\125208~1.EXE - Deleted
C:\WINDOWS\SYSTEM32\A3DX.EXE - Deleted
C:\WINDOWS\SYSTEM32\AHUIQ.EXE - Deleted
C:\WINDOWS\SYSTEM32\2052K.DLL - Deleted
C:\WINDOWS\SYSTEM32\AC3ACMM.DLL - Deleted
C:\WINDOWS\SYSTEM32\ADVAPI~1.DLL - Deleted
C:\WINDOWS\system32\dllgh8jkd1q8.exe - Deleted
C:\WINDOWS\nivavir.config - Deleted
C:\WINDOWS\system32\braviax.exe - Deleted
C:\WINDOWS\system32\qmopt.dll - Deleted
C:\WINDOWS\system32\ntos.exe - Deleted
C:\WINDOWS\system32\WLCtrl32.dll - Deleted
C:\WINDOWS\system32\drivers\VBI72.sys - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 17:01:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:fe9f239b
"s2"=dword:1e2a8870
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:08,de,f9,15,7e,46,e9,a7,23,1a,a7,c4,13,18,2a,93,89,94,03,9e,62,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:21,cb,fa,b9,9a,a4,b3,a5,e4,fc,d2,8e,1e,e6,27,cd,e4,63,28,e7,a8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:08,de,f9,15,7e,46,e9,a7,23,1a,a7,c4,13,18,2a,93,89,94,03,9e,62,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:21,cb,fa,b9,9a,a4,b3,a5,e4,fc,d2,8e,1e,e6,27,cd,e4,63,28,e7,a8,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\Last.fm\\LastFM.exe"="C:\\Program Files\\Last.fm\\LastFM.exe:*:Enabled:Last.fm"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:ęTorrent"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\\WINDOWS\\kavir.exe"="C:\\WINDOWS\\kavir.exe:*:Enabled:enable"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\WINDOWS\\TEMP\\rld7.tmp"="C:\\WINDOWS\\TEMP\\rld7.tmp:*:Enabled:717D075B486A1739"
"C:\\WINDOWS\\TEMP\\rld34.tmp"="C:\\WINDOWS\\TEMP\\rld34.tmp:*:Enabled:717D075B486A1739"
"C:\\WINDOWS\\TEMP\\rldD.tmp"="C:\\WINDOWS\\TEMP\\rldD.tmp:*:Enabled:717D075B486A1739"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 17 Oct 2006 622,080 A.SH. --- "C:\Program Files\Internet Explorer\iexplore.exe"
Tue 3 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Sat 12 Apr 2008 37,888 ..SHR --- "C:\WINDOWS\system32\1042h.exe"
Sat 12 Apr 2008 37,888 ..SHR --- "C:\WINDOWS\system32\3ivxVfWCodecy.exe"
Sat 12 Apr 2008 37,888 ..SHR --- "C:\WINDOWS\system32\acleditx.exe"
Sat 12 Apr 2008 37,888 ..SHR --- "C:\WINDOWS\system32\activedsf.exe"
Sat 12 Apr 2008 37,888 ..SHR --- "C:\WINDOWS\system32\alrsvcn.exe"
Fri 11 Apr 2008 37,888 ..SHR --- "C:\WINDOWS\system32\amcompata.exe"
Fri 11 Apr 2008 37,888 ..SHR --- "C:\WINDOWS\system32\amstreamy.exe"
Sat 24 May 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 14 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 15 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0f66ac0b7ccd71faf6da904f29228240\BIT133.tmp"
Mon 15 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\10f6872bbc91a277e1a9f6fed17525ba\BIT12F.tmp"
Mon 15 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\37e5b122079a0c7ba85fcc8ce8310ad8\BIT138.tmp"
Mon 15 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3ea50177a2be10fb0bceff8dd2031cad\BIT12A.tmp"
Mon 15 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3f4a1c441b883836dd798a58e2267c01\BIT13C.tmp"
Mon 15 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4c3676a8145aee7e1ea794fa1e50e6bf\BIT12D.tmp"
Mon 15 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4f4012d60daff369f73873817164328b\BIT12E.tmp"
Mon 15 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a877011d990fb4875b54ce0706b47f90\BIT112.tmp"
Mon 15 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab59ac72525ea90a47679441587835c9\BIT2.tmp"
Mon 15 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c810b29b22044bd72df654fd63ee0af2\BIT135.tmp"
Mon 15 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ca5637d04d95ed9d000d812508931a7b\BIT141.tmp"
Mon 15 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\dc6733dab87a46fa9320681df7d8d3c5\BIT131.tmp"
Mon 15 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e995acae9f2591ac009a4ad305efa874\BIT130.tmp"
Mon 15 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\BIT139.tmp"
Mon 15 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f54d9f16cafb3a043d81262b001f62f8\BIT13E.tmp"

Finished!



Thanks so much!
  • 0

#6
kahdah
Posted 29 June 2008 - 03:33 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#7
Cnt-Face
Posted 29 June 2008 - 03:42 PM

Cnt-Face

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Deckard's System Scanner v20071014.68
Run by Christine on 2008-06-29 17:39:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; System Restore is disabled (service is not running).


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Christine.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:40:24 PM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Christine\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Christine.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32NtLmSsp clr_optimization_v2.0.50727_32NtLmSsphelpsvc (clr_optimization_v2.0.50727_32NtLmSsphelpsvc) - Unknown owner - C:\WINDOWS\system32\12520850j.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Print Spooler SpoolerTermService (SpoolerTermService) - Unknown owner - C:\WINDOWS\system32\amcompata.exe
O23 - Service: SSDP Discovery Service SSDPSRVUPS (SSDPSRVUPS) - Unknown owner - C:\WINDOWS\system32\activedsf.exe
O23 - Service: Distributed Link Tracking Client TrkWksRpcSs (TrkWksRpcSs) - Unknown owner - C:\WINDOWS\system32\3ivxVfWCodecy.exe
O23 - Service: Volume Shadow Copy VSSImapiService (VSSImapiService) - Unknown owner - C:\WINDOWS\system32\acleditx.exe
O23 - Service: Windows Management Instrumentation Driver Extensions WmiMSDTC (WmiMSDTC) - Unknown owner - C:\WINDOWS\system32\ac3acmmy.exe (file missing)

--
End of file - 3561 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071126-123707-295 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20071126-123707-349 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
backup-20071126-123707-610 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
backup-20071126-123707-642 O2 - BHO: CInterfaceObj Object - {58F07DD3-924D-4141-BC74-299F523A95F1} - C:\WINDOWS\pxwma.dll (file missing)
backup-20071126-123707-819 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
backup-20071126-123707-830 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
backup-20071126-123707-909 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
backup-20071126-123707-957 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
backup-20071126-123707-964 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
backup-20080127-003044-550 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
backup-20080127-003044-587 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
backup-20080127-003044-796 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
backup-20080127-003044-807 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
backup-20080127-003044-982 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
backup-20080127-003045-101 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080127-003045-888 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
backup-20080412-162702-131 O4 - HKLM\..\Run: [lanmanwrk.exe clean] C:\WINDOWS\System32\lanmanwrk.exe clean
backup-20080412-162702-138 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
backup-20080412-162702-203 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
backup-20080412-162702-308 O4 - HKLM\..\Run: [SystemDrive] C:\WINDOWS\system32\maxpaynow1.exe
backup-20080412-162702-319 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080412-162702-335 O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\system32\vedxg6ame4.exe
backup-20080412-162702-384 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
backup-20080412-162702-402 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
backup-20080412-162702-494 O4 - HKLM\..\Run: [DriveSystem] C:\WINDOWS\system32\maxpaynowti1.exe
backup-20080412-162702-534 O4 - HKCU\..\Run: [kavir] C:\WINDOWS\kavir.exe
backup-20080412-162703-270 O23 - Service: Volume Shadow Copy VSSImapiService (VSSImapiService) - Unknown owner - C:\WINDOWS\system32\acleditx.exe
backup-20080412-162703-354 O23 - Service: SSDP Discovery Service SSDPSRVUPS (SSDPSRVUPS) - Unknown owner - C:\WINDOWS\system32\activedsf.exe
backup-20080412-162703-407 O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32NtLmSsp clr_optimization_v2.0.50727_32NtLmSspdmserver (clr_optimization_v2.0.50727_32NtLmSspdmserver) - Unknown owner - C:\WINDOWS\system32\1042h.exe
backup-20080412-162703-837 O23 - Service: HID Input Service HidServTapiSrv (HidServTapiSrv) - Unknown owner - C:\WINDOWS\system32\amstreamy.exe
backup-20080412-162703-884 O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32NtLmSsp (clr_optimization_v2.0.50727_32NtLmSsp) - Unknown owner - C:\WINDOWS\system32\alrsvcn.exe
backup-20080412-162703-935 O23 - Service: Distributed Link Tracking Client TrkWksRpcSs (TrkWksRpcSs) - Unknown owner - C:\WINDOWS\system32\3ivxVfWCodecy.exe
backup-20080412-163430-885 O23 - Service: Distributed Link Tracking Client TrkWksRpcSs (TrkWksRpcSs) - Unknown owner - C:\WINDOWS\system32\3ivxVfWCodecy.exe
backup-20080412-163455-945 O23 - Service: Distributed Link Tracking Client TrkWksRpcSs (TrkWksRpcSs) - Unknown owner - C:\WINDOWS\system32\3ivxVfWCodecy.exe
backup-20080412-163551-167 O4 - HKLM\..\Run: [lanmanwrk.exe clean] C:\WINDOWS\System32\lanmanwrk.exe clean
backup-20080412-163551-269 O23 - Service: SSDP Discovery Service SSDPSRVUPS (SSDPSRVUPS) - Unknown owner - C:\WINDOWS\system32\activedsf.exe
backup-20080412-163551-772 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
backup-20080412-163551-804 O23 - Service: HID Input Service HidServTapiSrv (HidServTapiSrv) - Unknown owner - C:\WINDOWS\system32\amstreamy.exe
backup-20080412-163551-938 O23 - Service: Distributed Link Tracking Client TrkWksRpcSs (TrkWksRpcSs) - Unknown owner - C:\WINDOWS\system32\3ivxVfWCodecy.exe
backup-20080412-163551-981 O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
backup-20080512-193931-546 O23 - Service: HID Input Service HidServTapiSrv (HidServTapiSrv) - Unknown owner - C:\WINDOWS\system32\amstreamy.exe
backup-20080512-193931-629 O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32NtLmSsp clr_optimization_v2.0.50727_32NtLmSsphelpsvc (clr_optimization_v2.0.50727_32NtLmSsphelpsvc) - Unknown owner - C:\WINDOWS\system32\12520850j.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 catchme - c:\docume~1\christ~1\locals~1\temp\catchme.sys (file missing)

S0 Bgk37 - c:\windows\system32\drivers\bgk37.sys (file missing)
S0 Cgk65 - c:\windows\system32\drivers\cgk65.sys (file missing)
S0 Hmp03 - c:\windows\system32\drivers\hmp03.sys (file missing)
S3 CoachUsb (Coach Digital Camera on USB) - c:\windows\system32\drivers\coachusb.sys <Not Verified; FotoNation Ltd.; USB Driver for Digital Camera>
S3 Maplom - c:\windows\system32\drivers\maplom.sys <Not Verified; SlySoft Inc.; Game Jackal>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 clr_optimization_v2.0.50727_32NtLmSsphelpsvc (.NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32NtLmSsp clr_optimization_v2.0.50727_32NtLmSsphelpsvc) - c:\windows\system32\12520850j.exe srv (file missing)
S2 SpoolerTermService (Print Spooler SpoolerTermService) - c:\windows\system32\amcompata.exe srv
S2 SSDPSRVUPS (SSDP Discovery Service SSDPSRVUPS) - c:\windows\system32\activedsf.exe srv
S2 TrkWksRpcSs (Distributed Link Tracking Client TrkWksRpcSs) - c:\windows\system32\3ivxvfwcodecy.exe srv
S2 VSSImapiService (Volume Shadow Copy VSSImapiService) - c:\windows\system32\acleditx.exe srv
S2 WmiMSDTC (Windows Management Instrumentation Driver Extensions WmiMSDTC) - c:\windows\system32\ac3acmmy.exe srv (file missing)
S4 clr_optimization_v2.0.50727_32NtLmSsp (.NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32NtLmSsp) - c:\windows\system32\alrsvcn.exe srv
S4 clr_optimization_v2.0.50727_32NtLmSspdmserver (.NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32NtLmSsp clr_optimization_v2.0.50727_32NtLmSspdmserver) - c:\windows\system32\1042h.exe srv
S4 HidServTapiSrv (HID Input Service HidServTapiSrv) - c:\windows\system32\amstreamy.exe srv
S4 LmHostswinmgmt (TCP/IP NetBIOS Helper LmHostswinmgmt) - c:\windows\system32\ahuiq.exe srv (file missing)
S4 RasManclr_optimization_v2.0.50727_32 (Remote Access Connection Manager RasManclr_optimization_v2.0.50727_32) - c:\windows\system32\a3dx.exe srv (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: RADEON 9800 PRO - Secondary
Device ID: PCI\VEN_1002&DEV_4E68&SUBSYS_00031002&REV_00\4&3600494A&0&0108
Manufacturer: ATI Technologies Inc.
Name: RADEON 9800 PRO - Secondary
PNP Device ID: PCI\VEN_1002&DEV_4E68&SUBSYS_00031002&REV_00\4&3600494A&0&0108
Service: ati2mtag


-- Files created between 2008-05-29 and 2008-06-29 -----------------------------

2008-06-29 16:20:43 0 d-------- C:\WINDOWS\ERUNT
2008-06-06 14:37:31 0 d-------- C:\Documents and Settings\All Users\Application Data\VYPCNMDBYG
2008-06-06 14:37:26 0 d-------- C:\Program Files\BadgeHelp
2008-06-01 14:09:37 0 d-------- C:\Program Files\Veoh Networks


-- Find3M Report ---------------------------------------------------------------

2008-06-29 13:26:30 0 d-------- C:\Documents and Settings\Christine\Application Data\AVG7
2008-06-26 02:52:04 0 d-------- C:\Documents and Settings\Christine\Application Data\uTorrent
2008-06-03 17:28:52 0 d-------- C:\Program Files\Common Files
2008-06-03 17:28:52 0 d-------- C:\Program Files\Ahead
2008-06-01 14:10:38 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-30 16:49:50 0 d-------- C:\Program Files\Last.fm
2008-05-21 22:22:18 0 d-------- C:\Documents and Settings\Christine\Application Data\Winamp
2008-05-21 22:11:35 0 d-------- C:\Program Files\Winamp
2008-05-07 16:19:27 0 d-------- C:\Program Files\Oberon Media
2008-05-07 15:22:18 0 d-------- C:\Documents and Settings\Christine\Application Data\Pogo Games
2008-05-07 02:05:20 0 d-------- C:\Program Files\PeerGuardian2
2008-05-07 02:01:55 0 d-------- C:\Program Files\DivX
2008-04-21 06:49:57 112 --a-s--c- C:\WINDOWS\system32\3466912959.dat
2008-04-20 07:10:49 32 --a-s--c- C:\WINDOWS\system32\771035501.dat
2008-04-12 14:36:43 37888 -r-hs--c- C:\WINDOWS\system32\1042h.exe
2008-04-12 11:12:44 37888 -r-hs--c- C:\WINDOWS\system32\acleditx.exe
2008-04-12 08:33:14 37888 -r-hs--c- C:\WINDOWS\system32\alrsvcn.exe
2008-04-12 05:01:31 28911 --a----c- C:\WINDOWS\system32\kcopt.dll
2008-04-12 04:51:27 209 --a----c- C:\WINDOWS\system32\ksvcl.dll
2008-04-12 04:42:46 37888 -r-hs--c- C:\WINDOWS\system32\activedsf.exe
2008-04-12 02:51:18 37888 -r-hs--c- C:\WINDOWS\system32\3ivxVfWCodecy.exe
2008-04-12 02:51:17 1474 --a----c- C:\WINDOWS\system32\ll.dll
2008-04-11 22:49:43 37888 -r-hs--c- C:\WINDOWS\system32\amcompata.exe
2008-04-11 16:19:43 37888 -r-hs--c- C:\WINDOWS\system32\amstreamy.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/15/2008 08:05 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherEye"="C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe" [09/26/2007 02:14 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 07:56 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bgk37.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Cgk65.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hmp03.sys]
@="Driver"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Firewall auto setup]
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\winlogon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lanmanwrk.exe clean]
C:\WINDOWS\System32\lanmanwrk.exe clean

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
C:\Program Files\PeerGuardian2\pg2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"clr_optimization_v2.0.50727_32NtLmSspdmserver"=2 (0x2)
"clr_optimization_v2.0.50727_32NtLmSsp"=2 (0x2)
"RasManclr_optimization_v2.0.50727_32"=2 (0x2)
"ose"=3 (0x3)
"LmHostswinmgmt"=2 (0x2)
"HidServTapiSrv"=2 (0x2)

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
MsBrowseSrv


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8796902a-9404-11dc-b044-0013d408ef51}]
AutoRun\command- F:\Autorun.exe




-- End of Deckard's System Scanner: finished at 2008-06-29 17:40:47 ------------






Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3000+
Percentage of Memory in Use: 64%
Physical Memory (total/avail): 511.23 MiB / 179.86 MiB
Pagefile Memory (total/avail): 1245.97 MiB / 975.69 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.86 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 62.23 GiB free.
D: is Fixed (NTFS) - 74.52 GiB total, 34.43 GiB free.

\\.\PHYSICALDRIVE0 - WDC WD1600JB-00EVA0 - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 74.52 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
UpdatesDisableNotify is set.

AV: AVG 7.5.524 v7.5.524 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\Last.fm\\LastFM.exe"="C:\\Program Files\\Last.fm\\LastFM.exe:*:Enabled:Last.fm"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\\WINDOWS\\kavir.exe"="C:\\WINDOWS\\kavir.exe:*:Enabled:enable"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\WINDOWS\\TEMP\\rld7.tmp"="C:\\WINDOWS\\TEMP\\rld7.tmp:*:Enabled:717D075B486A1739"
"C:\\WINDOWS\\TEMP\\rld34.tmp"="C:\\WINDOWS\\TEMP\\rld34.tmp:*:Enabled:717D075B486A1739"
"C:\\WINDOWS\\TEMP\\rldD.tmp"="C:\\WINDOWS\\TEMP\\rldD.tmp:*:Enabled:717D075B486A1739"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Christine\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=AMD3000
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Christine
LOGONSERVER=\\AMD3000
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp
USERDOMAIN=AMD3000
USERNAME=Christine
USERPROFILE=C:\Documents and Settings\Christine
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Christine (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.7 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70700000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
CEP - Color Enable Package --> "C:\PROGRA~1\EAGAME~1\THESIM~1\zCEP_Uninstaller\unins000.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Ev0 --> C:\Program Files\MSN Messenger\uninstallEv0.exe
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format SDK (KB900399) --> "C:\WINDOWS\$NtUninstallKB900399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB912454) --> "C:\WINDOWS\$NtUninstallKB912454$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB917821) --> "C:\WINDOWS\$NtUninstallKB917821$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB922042) --> "C:\WINDOWS\$NtUninstallKB922042$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK 9.5 (KB905592) --> "C:\WINDOWS\$NtUninstallKB905592$\spuninst\spuninst.exe"
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Codec Pack 2.71 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Last.fm 1.5.1.29527 --> "C:\Program Files\Last.fm\unins000.exe"
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Rocket --> C:\Program Files\MP3 Rocket\Uninstall.exe
Paint.NET v3.22 --> MsiExec.exe /X{96C267DA-0926-4C11-B4E7-4D3EF85130D0}
QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VIA Integrated Setup Wizard --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}
WeatherEye --> "C:\Program Files\TheWeatherNetwork\WeatherEye\MMTWNLiveUpdate.exe" /language ENGLISH /uninstall HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\WeatherEye,HKEY_CURRENT_USER\Software\MMTWN\WeatherEye
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
WinAVI VideoConverter --> "C:\Program Files\WinAVI VideoConverter\unins000.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB896097 --> "C:\WINDOWS\$NtUninstallKB896097$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type21119 / Error
Event Submitted/Written: 06/29/2008 05:10:05 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 374723675.

Event Record #/Type21118 / Error
Event Submitted/Written: 06/29/2008 05:10:03 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application msnmsgr.exe, version 8.1.178.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type21112 / Error
Event Submitted/Written: 06/29/2008 05:08:45 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 374723675.

Event Record #/Type21111 / Error
Event Submitted/Written: 06/29/2008 05:08:41 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application msnmsgr.exe, version 8.1.178.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type21100 / Success
Event Submitted/Written: 06/29/2008 05:07:17 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type37082 / Error
Event Submitted/Written: 06/29/2008 04:49:17 PM / 06/29/2008 04:49:26 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type37080 / Error
Event Submitted/Written: 06/29/2008 04:49:20 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The System Restore Service service terminated with the following error:
%%2

Event Record #/Type37079 / Error
Event Submitted/Written: 06/29/2008 04:49:20 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Microsoft Windows Browser Servce service terminated with the following error:
%%126

Event Record #/Type37078 / Error
Event Submitted/Written: 06/29/2008 04:49:19 PM
Event ID/Source: 104 / SRService
Event Description:
The System Restore initialization process failed.

Event Record #/Type37075 / Error
Event Submitted/Written: 06/29/2008 04:43:42 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
Avg7Core
Avg7RsW
Avg7RsXP
Fips
IPSec
MRxSmb
NetBIOS
NetBT
Processor
RasAcd
Rdbss
Tcpip



-- End of Deckard's System Scanner: finished at 2008-06-29 17:40:47 ------------
  • 0

#8
kahdah
Posted 29 June 2008 - 03:47 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please visit this web page for instructions for downloading and running Combofix >ComboFix Instructions
We now suggest that you install the Windows Recovery Console.
The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP