Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

auut.com AND postupdate.exe


  • Please log in to reply

#1
keyop

keyop

    New Member

  • Member
  • Pip
  • 6 posts
Hello nice helpful people :)

I hope you can help me. Recently my computer started getting browser jacked from google, any search result clicked would be routed through auut.com to a number of different other pages, often odd search engines. then, unfortunately, when my girlfreind was looking something up, something claiming to be shockwave updater installed itself and now postupdate.exe keeps trying access the internet but i have a sneaky suspicion that it's a filthy nefarious thing that I need to remove!

I've ran about a billion different bits of malware remover/virus scans etc (some of which say my zonealarm is off but it tells me it's on???!!) and followed all your steps in the 'before you post thread', so have finally come to you to see if you can assist me in cleaning up my computer. these are all the logs I have got

First up Malwarebytes:

Malwarebytes' Anti-Malware 1.19
Database version: 921
Windows 5.1.2600 Service Pack 2

22:30:32 04/07/2008
mbam-log-7-4-2008 (22-30-32).txt

Scan type: Quick Scan
Objects scanned: 44201
Time elapsed: 14 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\POSIX (Worm.MyDoom) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\POSIX (Worm.MyDoom) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Superantispyware:

;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-07-05 17:47:47
PROTECTIONS: 1
MALWARE: 3
SUSPECTS: 3
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
Zone Alarm Security Suite 7.0.470.000 No No
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00227735 adware/ideskbar Adware No 0 Yes No hkey_local_machine\system\controlset001\services\zpmodemsysntdrvnt
00360535 W32/Mydoom.DN.worm Virus No 0 Yes No Local Folders\Archive\hi\document.scr
00360535 W32/Mydoom.DN.worm Virus No 0 Yes No Local Folders\Archive\Message could not be delivered\file.pif
00366244 Application/NirCmd.A HackTools No 0 Yes No C:\fixwareout\FindT\nircmd.exe
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location
;===============================================================================
=================================================================================
===================
No C:\Documents and Settings\Spughilda\Desktop\virus gubbins\spyware stuff\KillBox.exe
No C:\I386\GTDownDE_87.ocx
No C:\WINDOWS\SYSTEM32\GTDownDE_87.ocx
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description
;===============================================================================
=================================================================================
===================
184380 MEDIUM MS08-002
184379 MEDIUM MS08-001
182048 HIGH MS07-069
182046 HIGH MS07-067
182043 HIGH MS07-064
179553 HIGH MS07-061
176382 HIGH MS07-057
176383 HIGH MS07-058
170911 HIGH MS07-050
170907 HIGH MS07-046
170906 HIGH MS07-045
170904 HIGH MS07-043
164915 HIGH MS07-035
164913 HIGH MS07-033
164911 HIGH MS07-031
160623 HIGH MS07-027
157262 HIGH MS07-022
157261 HIGH MS07-021
157260 HIGH MS07-020
157259 HIGH MS07-019
156477 HIGH MS07-017
150253 HIGH MS07-016
150249 HIGH MS07-013
150248 HIGH MS07-012
150247 HIGH MS07-011
150243 HIGH MS07-008
150242 HIGH MS07-007
150241 MEDIUM MS07-006
141034 HIGH MS06-076
141033 MEDIUM MS06-075
141030 HIGH MS06-072
137571 HIGH MS06-070
137568 HIGH MS06-067
133387 MEDIUM MS06-065
133386 MEDIUM MS06-064
133385 MEDIUM MS06-063
133379 HIGH MS06-057
131654 HIGH MS06-055
129977 MEDIUM MS06-053
129976 MEDIUM MS06-052
126093 HIGH MS06-051
126092 MEDIUM MS06-050
126087 HIGH MS06-046
126086 MEDIUM MS06-045
126083 HIGH MS06-042
126082 HIGH MS06-041
126081 HIGH MS06-040
123421 HIGH MS06-036
123420 HIGH MS06-035
120825 MEDIUM MS06-032
120823 MEDIUM MS06-030
120818 HIGH MS06-025
120815 HIGH MS06-022
120814 HIGH MS06-021
117384 MEDIUM MS06-018
114666 HIGH MS06-015
114664 HIGH MS06-013
108744 MEDIUM MS06-008
108743 MEDIUM MS06-007
108742 MEDIUM MS06-006
104567 HIGH MS06-002
104237 HIGH MS06-001
96574 HIGH MS05-053
93395 HIGH MS05-051
93394 HIGH MS05-050
93454 MEDIUM MS05-049
;===============================================================================
=================================================================================
===================


and finally a Hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:12:45, on 05/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1010011
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Read By Natural Voice Reader - C:\Program Files\NaturalReaders\Natural Voice Reader Free\read.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Natural Reader - {0DF757C4-9999-463C-A4EB-B6BF1D8D8D3D} - C:\Program Files\NaturalReaders\Natural Voice Reader Free\read.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuke...erInstaller.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - http://www.motorpsyc.../xwingzmk2b.jpg


I appreciate that's a lot of info to plough through!!

Cheers
Keyop
  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello keyop

Welcome to G2Go. :)
=====================

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
keyop

keyop

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hey Kahdah,

I really appreciate you helping me out!

Here are the DSS logs

Main

Deckard's System Scanner v20071014.68
Run by Spughilda on 2008-07-05 20:30:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-07-05 19:31:27 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2008-07-04 21:37:36 UTC - RP3 - Installed SUPERAntiSpyware Free Edition
2: 2008-07-04 20:59:19 UTC - RP2 - number1
1: 2008-07-04 20:58:11 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Spughilda.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:34:23, on 05/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Documents and Settings\Spughilda\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Spughilda.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1010011
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Read By Natural Voice Reader - C:\Program Files\NaturalReaders\Natural Voice Reader Free\read.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Natural Reader - {0DF757C4-9999-463C-A4EB-B6BF1D8D8D3D} - C:\Program Files\NaturalReaders\Natural Voice Reader Free\read.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuke...erInstaller.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E76C515F-5DC8-4407-809C-F9E40AEFB235}: NameServer = 85.255.114.104 85.255.112.92
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - http://www.motorpsyc.../xwingzmk2b.jpg

--
End of file - 8469 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080629-164222-793 O17 - HKLM\System\CCS\Services\Tcpip\..\{E76C515F-5DC8-4407-809C-F9E40AEFB235}: NameServer = 85.255.114.104 85.255.112.92

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Asapi - c:\windows\system32\drivers\asapi.sys <Not Verified; VOB Computersysteme GmbH; asapi>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.3500>
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.3500>
R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 WinDriver6 - c:\windows\system32\drivers\windrvr6.sys <Not Verified; Jungo; WinDriver Device Driver (x86)>

S0 Klpid - c:\windows\system32\drivers\klpid.sys (file missing)
S1 Klmc - c:\windows\system32\drivers\klmc.sys (file missing)
S3 btwmodem (Bluetooth Modem) - c:\windows\system32\drivers\btwmodem.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.3500>
S3 PalmUSBD - c:\windows\system32\drivers\palmusbd.sys (file missing)
S3 SMALUSB (Digital Camera Driver) - c:\windows\system32\drivers\smalidt.sys <Not Verified; SMaL Camera Technologies, Inc.; SMaL Camera Technolgies IDT Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-25 23:56:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-06-22 09:00:00 194 --a------ C:\WINDOWS\Tasks\Temp.job


-- Files created between 2008-06-05 and 2008-07-05 -----------------------------

2008-07-05 11:46:02 0 d-------- C:\Program Files\Panda Security
2008-07-04 22:38:04 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-04 22:37:40 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-04 22:37:40 0 d-------- C:\Documents and Settings\Spughilda\Application Data\SUPERAntiSpyware.com
2008-07-04 22:01:42 0 d-------- C:\Documents and Settings\Spughilda\Application Data\Malwarebytes
2008-07-04 22:01:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-04 22:01:24 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-04 22:00:39 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-03 20:05:19 0 dr-h----- C:\Documents and Settings\Spughilda\Recent
2008-06-29 16:40:00 0 d-------- C:\Program Files\Trend Micro
2008-06-24 00:29:45 0 d-------- C:\Documents and Settings\Spughilda\.housecall6.6
2008-06-22 01:29:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-22 01:28:21 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard


-- Find3M Report ---------------------------------------------------------------

2008-07-05 20:20:27 0 d-------- C:\Documents and Settings\Spughilda\Application Data\Skype
2008-07-04 22:00:39 0 d-------- C:\Program Files\Common Files
2008-06-22 01:30:35 0 d-------- C:\Program Files\Lavasoft
2008-06-22 01:30:31 0 d-------- C:\Documents and Settings\Spughilda\Application Data\Lavasoft
2008-06-22 00:51:57 0 d-------- C:\Documents and Settings\Spughilda\Application Data\Mozilla
2008-06-19 16:52:08 0 d-------- C:\Program Files\Click'N Design 3D (V5)
2008-05-18 15:08:13 24 --a------ C:\WINDOWS\system32\sysogg.dll
2008-05-16 13:14:05 209 --a------ C:\WINDOWS\mfont.dat
2008-05-07 09:52:10 0 d-------- C:\Documents and Settings\Spughilda\Application Data\uTorrent
2008-04-22 20:00:29 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-12 21:41:57 73 --a------ C:\WINDOWS\system32\ssprs.dll
2008-04-12 21:41:56 205 --a------ C:\WINDOWS\system32\lsprst7.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [20/08/2004 16:55]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [20/08/2004 16:51]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [19/11/2003 18:48]
"DadApp"="C:\Program Files\Dell\AccessDirect\dadapp.exe" [04/03/2004 12:36]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [04/03/2004 21:59]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [13/05/2004 20:23]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [14/05/2004 10:35]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [11/04/2004 21:15]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [11/04/2004 12:43]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [29/06/2007 06:24]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [13/08/2004 02:05]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [07/01/2004 02:01]
"DSLSTATEXE"="C:\Program Files\Voyager 105 ADSL Modem\dslstat.exe" [27/05/2004 12:07]
"DSLAGENTEXE"="C:\Program Files\Voyager 105 ADSL Modem\dslagent.exe" [27/05/2004 12:07]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [20/12/2004 19:41]
"PCLEUSBTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" []
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [13/03/2008 23:11]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [23/04/2008 20:56]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [27/04/2008 16:38]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 06:00]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [18/12/2006 17:32]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/07/2008 18:07]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SWHelper"="C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1010011

C:\Documents and Settings\Spughilda\Start Menu\Programs\Startup\
DESKTOP.INI [10/08/2004 14:04:12]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 04:44:06]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [12/05/2006 14:33:22]
DESKTOP.INI [10/08/2004 14:04:12]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [03/08/2007 12:10:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/07/2008 18:07 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 05/07/2008 18:07 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

*Newly Created Service* - PAVBOOT
*Newly Created Service* - SASDIFSV



-- End of Deckard's System Scanner: finished at 2008-07-05 20:36:40 ------------

& Extra

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Mobile Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 64%
Physical Memory (total/avail): 510.33 MiB / 181.08 MiB
Pagefile Memory (total/avail): 1247.88 MiB / 890.78 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1933.2 MiB

C: is Fixed (NTFS) - 33.7 GiB total, 8.26 GiB free.
D: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - TOSHIBA MK4026GAX - 37.26 GiB - 3 partitions
\PARTITION0 - Unknown - 54.88 MiB
\PARTITION1 (bootable) - Installable File System - 33.7 GiB - C:
\PARTITION2 - Unknown - 3.5 GiB



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Firewall v7.0.470.000 (Check Point, LTD.)
AV: AVG Anti-Virus Free v8.0 (AVG Technologies)
AV: ZoneAlarm Security Suite Antivirus v7.0.337.000 (Check Point, LTD.) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Spughilda\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DJHBPF1J
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Spughilda
LOGONSERVER=\\DJHBPF1J
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\PROGRA~1\COMMON~1\SONICS~1\;C:\Program Files\Common Files\GTK\2.0\bin;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier";C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\SPUGHI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\SPUGHI~1\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=DJHBPF1J
USERNAME=Spughilda
USERPROFILE=C:\Documents and Settings\Spughilda
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Spughilda (admin)
Sam
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AccessDirect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{417B79C9-CDB4-477F-952D-840CEFC57A6C}\setup.exe" -l0x9
Action Man Update --> C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{69f9566d-f2e9-4956-b9ca-3e96e6baa769}.sdb"
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Age of Castles --> "C:\Program Files\Age of Castles\ReflexiveArcade\unins000.exe"
AnalogX Virtual Piano --> C:\Program Files\AnalogX\VPiano\vpianou.exe
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
ArcSoft PhotoImpression --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3958340-EDFD-4206-9AE0-3FFDF652B47B}\SETUP.EXE" -l0x9 -uninst
Arturia Moog Modular V v1.1 --> C:\PROGRA~1\Arturia\MOOGMO~1\UNWISE.EXE C:\PROGRA~1\Arturia\MOOGMO~1\INSTALL.LOG
ASAPI Update --> C:\WINDOWS\system32\IWUNIN~1.EXE -uninstall C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\VOB\ASAPIU~1\ASAPI.isu
ASIO4ALL v2 --> C:\Program Files\ASIO4ALL v2\uninstall.exe
µTorrent --> "C:\Program Files\uTorrent\uninstall.exe"
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BAMZOOKi Zook Kit v2.3.119 --> "C:\Program Files\BAMZOOKi Zook Kit\unins000.exe"
Beta Bugs SVF2 VST --> "C:\Program Files\Steinberg\Vstplugins\Betabugs\SVF2\SVF2 Uninstall.exe"
Boowa and Kwala - hot air balloon Screen Saver --> C:\WINDOWS\Boowa and Kwala - hot air balloon.scr /u
Broadcom Management Programs --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2A6282FF-B75B-463F-90F5-0A43732F690D} /l1033
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Click'N Design 3D for AfterBurner™ (V5) --> C:\PROGRA~1\CLICK'~1\UNWISE.EXE C:\PROGRA~1\CLICK'~1\INSTALL.LOG
Conexant D480 MDC V.9x Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
daHornet Version 1.34 --> "C:\Program Files\Steinberg\Vstplugins\DashSignature.com\daHornet\unins000.exe"
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Support 5.0.0 (630) --> rundll32 C:\PROGRA~1\DELLSU~1\AUInst.dll,ExUninstall
Delta Filter --> MsiExec.exe /I{AE1366CB-6EC4-421B-BD4E-B2664A7CADCE}
Digital 1.3 --> "C:\Program Files\Digital\unins000.exe"
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Disc2Phone --> MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
Edirol Hyper Canvas v1.53 --> C:\PROGRA~1\EDIROL\HYPERC~1\EDIROL~1\UNWISE.EXE C:\PROGRA~1\EDIROL\HYPERC~1\EDIROL~1\INSTALL.LOG
eMusic - 50 Free MP3 offer --> "C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe"
Foorius version 1.0 --> "C:\Program Files\Foorius\unins000.exe"
FreeZip --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\freezip.inf,Uninstall
Glitch One MB VSTi Version 1.0b --> "C:\Program Files\Steinberg\Vstplugins\DashSignature.com\Glitch One MB\unins000.exe"
GMediaMusic - Oddity VST2 --> C:\WINDOWS\unvise32.exe C:\Program Files\Steinberg\Vstplugins\GMediaMusic\Oddity VST2\uninstal.log
GreenMachine Amp II v1.01 VST --> C:\PROGRA~1\VSTPLU~1\GREENM~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\GREENM~1\INSTALL.LOG
GTK+ 2.8.9 runtime environment --> "C:\Program Files\Common Files\GTK\2.0\unins000.exe"
Harry Potter Creative CD --> MsiExec.exe /I{182ACEA4-834A-4C60-AA55-E979EDFBBA3E}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iGrafx FlowCharter 2003 --> MsiExec.exe /I{623570A8-D82B-4EDB-B5AE-42FFCE831033}
IK Multimedia AmpliTube v1.3.1 --> C:\PROGRA~1\IKMULT~1\AMPLIT~1\UNWISE.EXE C:\PROGRA~1\IKMULT~1\AMPLIT~1\INSTALL.LOG
Industry 2.0 --> C:\WINDOWS\iun6002.exe "C:\Program Files\VstPlugins\Industry2\irunin.ini"
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
JX220 (remove only) --> "C:\Program Files\JXPlugins\JX220\uninstall.exe"
JXSynth 1.2 (remove only) --> "C:\Program Files\JXPlugins\JXSynth 1.2\uninstall.exe"
Korg Legacy Collection v1.0.0.2 --> C:\PROGRA~1\KORG\KORGLE~1\UNWISE.EXE C:\PROGRA~1\KORG\KORGLE~1\INSTALL.LOG
KTGranulator 1.2 --> "C:\Program Files\Steinberg\Vstplugins\KTfx\KTGranulator\unins000.exe"
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LinPlug CronoX VSTi v2.04 --> C:\PROGRA~1\STEINB~1\VSTPLU~1\CronoX2\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\CronoX2\INSTALL.LOG
LinPlug RM IV --> C:\PROGRAM FILES\STEINBERG\VSTPLUGINS\UninstalRMIV.exe
Linplug RM IV v4.1.2 --> C:\PROGRA~1\STEINB~1\VSTPLU~1\RMIVUN~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\RMIVUN~1\INSTALL.LOG
Live 4.0.1 --> C:\PROGRA~1\Ableton\LIVE40~1.1\Install\UNWISE.EXE C:\PROGRA~1\Ableton\LIVE40~1.1\Install\INSTALL.LOG
LQfix 2.1 --> "C:\WINDOWS\LQfix\unins000.exe"
Macromedia Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio MUI (English) 2007 --> MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
Microsoft Office Visio Standard 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISSTDR /dll OSETUP.DLL
Microsoft Office Visio Standard 2007 --> MsiExec.exe /X{91120000-0053-0000-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Converter Simple --> C:\PROGRA~1\MP3CON~1\UNWISE.EXE C:\PROGRA~1\MP3CON~1\INSTALL.LOG
MSN Messenger 7.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600777}
Native Instruments Absynth 3 --> C:\PROGRA~1\NATIVE~1\ABSYNT~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\ABSYNT~1\INSTALL.LOG
Native Instruments Battery --> C:\PROGRA~1\NATIVE~1\Battery\UNWISE.EXE C:\PROGRA~1\NATIVE~1\Battery\INSTALL.LOG
Native Instruments Guitar Rig v1.2 --> C:\PROGRA~1\NATIVE~1\GUITAR~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\GUITAR~1\INSTALL.LOG
Native Instruments Traktor DJ Studio v2.6.1.022 --> C:\PROGRA~1\NATIVE~1\TRAKTO~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\TRAKTO~1\INSTALL.LOG
Natural Voice Reader Free --> MsiExec.exe /I{B4A69416-B88B-4A05-B996-6F752DA42F20}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Novation V-Station VSTi v1.11 --> C:\PROGRA~1\STEINB~1\VSTPLU~1\V-STAT~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\V-STAT~1\INSTALL.LOG
OLYMPUS CAMEDIA Master 2.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06230E02-2B7E-11D2-92D0-0040051BD005}\setup.exe" -uninst
Oregon Scientific DS6628 Photo Album --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569FEA14-88A3-4EF1-89D0-78939AB21286}\Setup.exe" -l0x9
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PConPoint v2.0 --> "C:\Program Files\PConPoint\unins000.exe"
pHATmatik PRO 1.1 --> "C:\Program Files\Steinberg\Vstplugins\unins003.exe"
Pinnacle Instant DVD Recorder --> C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\setup.exe -runfromtemp -l0x0009UNINSTALL -removeonly
Pirates of Treasure Island --> "C:\Sam stuff\Pirates of Treasure Island\unins000.exe"
PowerDVD 5.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PSP 84 v1.0 --> C:\PROGRA~1\PSP84~1\UNWISE.EXE C:\PROGRA~1\PSP84~1\INSTALL.LOG
Puzzle Pirates --> C:\Program Files\Three Rings Design\Puzzle Pirates\Uninstall-yohoho.exe
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Rainbow Synth Version 2.5 --> "C:\Program Files\BigTick\Rainbow2\unins000.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
ReFX Junox2 VSTi v1.4 --> C:\PROGRA~1\STEINB~1\VSTPLU~1\REFXJU~1.4\Log\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\REFXJU~1.4\Log\INSTALL.LOG
Registry Mechanic 5.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
rgc:audio sfz VSTi v1.96 --> "C:\Program Files\Steinberg\Vstplugins\unins001.exe"
rgcAudio Triangle I VSTi v1.1 --> "C:\Program Files\Steinberg\Vstplugins\unins002.exe"
Rob Papen Albino 2 --> C:\Program Files\Steinberg\Vstplugins\UninstalAlbino2.exe
Rock --> "C:\Program Files\steinberg\vstplugins\unins000.exe"
Skype 3.0 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Sonic 3D --> C:\Games\Sega\Sonic3D\directx\setup /r
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Foundry XFX 1 Plug-In Pack DEMO 1.0 --> C:\WINDOWS\SF97UNIN.EXE /A C:\PROGRA~1\SONICF~1\DEMO\SFPPACK1.LOG
Sonic MyDVD --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Steinberg Cubase SX v2.2.0.35 --> C:\PROGRA~1\STEINB~1\CUBASE~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\CUBASE~1\INSTALL.LOG
Steinberg HALion VSTi v2.0.2 --> C:\PROGRA~1\STEINB~1\VSTPLU~1\HALION~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\HALION~1\INSTALL.LOG
Steinberg PLEX VSTi v1.0 --> C:\PROGRA~1\STEINB~1\VSTPLU~1\Plex\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\Plex\INSTALL.LOG
Steinberg Voice Designer v1.03 --> C:\PROGRA~1\STEINB~1\VSTPLU~1\VOICED~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\VOICED~1\INSTALL.LOG
Steinberg WaveLab 5.01a --> C:\PROGRA~1\STEINB~1\WaveLab\UNWISE.EXE C:\PROGRA~1\STEINB~1\WaveLab\INSTALL.LOG
Stomper Hyperion --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Stomper\Uninst.isu"
Stop the Morbuzakh (remove only) --> C:\Program Files\LEGO Software\Stop the Morbuzakh\Uninst.exe
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synapse.Junglist.v3.11-OxYGeN --> C:\PROGRA~1\STEINB~1\VSTPLU~1\Junglist\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\Junglist\Install.log
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TC.Works.Native.Bundle.v3.0.VST.WinAll-cRime --> C:\PROGRA~1\TCNATI~1\UNWISE.EXE C:\PROGRA~1\TCNATI~1\INSTALL.LOG
The GIMP 2.2.10 --> "C:\Program Files\GIMP-2.0\unins000.exe"
Tiscali Internet --> MsiExec.exe /I{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}
U.B. Funkeys --> C:\Program Files\U.B. Funkeys\uninstall.exe
VideoLAN VLC media player 0.8.4a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Voyager 105 ADSL Modem --> C:\Program Files\Voyager 105 ADSL Modem\uninstall.exe
Warp VST V1.0 --> C:\PROGRA~1\STEINB~1\VSTPLU~1\WARPVS~1.0\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\WARPVS~1.0\INSTALL.LOG
Waves Diamond Bundle v5.0 --> C:\PROGRA~1\Waves\UNINST~1\UNWISE.EXE C:\PROGRA~1\Waves\UNINST~1\INSTALL.LOG
Waves Transform Bundle v5.0 --> C:\PROGRA~1\Waves\UNINST~2\UNWISE.EXE C:\PROGRA~1\Waves\UNINST~2\INSTALL.LOG
WIDCOMM Bluetooth Software --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
WinAce Archiver --> "C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WingMan Software --> MsiExec.exe /X{435673AB-6821-416D-806A-E477DFA60A42}
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
Worms2 --> C:\WINDOWS\IsUninst.exe -fC:\Team17\Worms2\Uninst.isu
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2027 / Error
Event Submitted/Written: 07/05/2008 08:35:21 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type2026 / Error
Event Submitted/Written: 07/05/2008 08:35:21 PM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: The data is invalid.

Event Record #/Type2025 / Error
Event Submitted/Written: 07/05/2008 08:34:46 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type2024 / Error
Event Submitted/Written: 07/05/2008 08:34:46 PM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: The data is invalid.

Event Record #/Type2023 / Error
Event Submitted/Written: 07/05/2008 08:34:46 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type677 / Warning
Event Submitted/Written: 07/05/2008 06:52:03 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type657 / Error
Event Submitted/Written: 07/05/2008 06:07:14 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Klmc
Klpid

Event Record #/Type627 / Error
Event Submitted/Written: 07/05/2008 11:04:39 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Klmc
Klpid

Event Record #/Type575 / Error
Event Submitted/Written: 07/04/2008 00:38:53 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Klmc
Klpid

Event Record #/Type551 / Error
Event Submitted/Written: 07/04/2008 10:16:32 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Klmc
Klpid



-- End of Deckard's System Scanner: finished at 2008-07-05 20:36:40 ------------

cheers
K
  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome :)

First uninstall this program >ZoneAlarm Security Suite Antivirus
================================================
Please download FixWareout from here:
http://downloads.sub.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
Once the desktop loads please post the text that will open (report.txt).
==============================================
Please submit the following files to one of these online file scanners.
(All you have to do is copy and paste them in one at a time)

C:\WINDOWS\system32\sysogg.dll
C:\WINDOWS\mfont.dat


Jotti File Scan
VirusTotal File Scan

This will produce a report after the scan is complete, please copy and paste those results in your next post.
  • 0

#5
keyop

keyop

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
here's the fixwareout log:

Username "Spughilda" - 06/07/2008 0:14:21 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"DadApp"="C:\\Program Files\\Dell\\AccessDirect\\dadapp.exe"
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"DSLSTATEXE"="C:\\Program Files\\Voyager 105 ADSL Modem\\dslstat.exe icon"
"DSLAGENTEXE"="C:\\Program Files\\Voyager 105 ADSL Modem\\dslagent.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"PCLEUSBTip"="C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\USBTip\\USBTip.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"AVG8_TRAY"="C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

here's the log for C:\WINDOWS\system32\sysogg.dll

File sysogg.dll received on 07.06.2008 01:18:31 (CET)
Current status: finished
Result: 0/33 (0.00%)
Compact Compact
Print results Print results
Antivirus Version Last Update Result
AhnLab-V3 2008.7.4.1 2008.07.05 -
AntiVir 7.8.0.64 2008.07.05 -
Authentium 5.1.0.4 2008.07.04 -
Avast 4.8.1195.0 2008.07.05 -
AVG 7.5.0.516 2008.07.05 -
BitDefender 7.2 2008.07.05 -
CAT-QuickHeal 9.50 2008.07.04 -
ClamAV 0.93.1 2008.07.05 -
DrWeb 4.44.0.09170 2008.07.05 -
eSafe 7.0.17.0 2008.07.03 -
eTrust-Vet 31.6.5929 2008.07.05 -
Ewido 4.0 2008.07.05 -
F-Prot 4.4.4.56 2008.07.04 -
F-Secure 7.60.13501.0 2008.07.03 -
Fortinet 3.14.0.0 2008.07.05 -
GData 2.0.7306.1023 2008.07.05 -
Ikarus T3.1.1.26.0 2008.07.05 -
Kaspersky 7.0.0.125 2008.07.06 -
McAfee 5332 2008.07.04 -
Microsoft 1.3704 2008.07.06 -
NOD32v2 3244 2008.07.05 -
Norman 5.80.02 2008.07.04 -
Panda 9.0.0.4 2008.07.05 -
Prevx1 V2 2008.07.06 -
Rising 20.51.42.00 2008.07.04 -
Sophos 4.31.0 2008.07.05 -
Sunbelt 3.1.1509.1 2008.07.04 -
Symantec 10 2008.07.05 -
TheHacker 6.2.96.373 2008.07.05 -
TrendMicro 8.700.0.1004 2008.07.05 -
VBA32 3.12.6.8 2008.07.05 -
VirusBuster 4.5.11.0 2008.07.05 -
Webwasher-Gateway 6.6.2 2008.07.05 -
Additional information
File size: 24 bytes
MD5...: dbae6f95382cd6333405d96b2c0a44e9
SHA1..: 74f45e99690fcf0b4f1638d15ab85af35878a36b
SHA256: 69e9c11ad8ed47c25e12fbee50e63ba8ca294bf0095729d4f150667ecb7ee6a6
SHA512: 867bf550bbb37cf0c3d647e748974e265a016c7852a996edb54468a5a987f500
5b016f94a2444eec7f691cb2a4877de6656de8fe7bdabdab1654df285597c259
PEiD..: -
PEInfo: -

and here's the log for C:\WINDOWS\mfont.dat

File mfont.dat received on 07.06.2008 01:19:46 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/33 (0%)
Loading server information...
Your file is queued in position: ___.
Estimated start time is between ___ and ___ .
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
AhnLab-V3 2008.7.4.1 2008.07.05 -
AntiVir 7.8.0.64 2008.07.05 -
Authentium 5.1.0.4 2008.07.04 -
Avast 4.8.1195.0 2008.07.05 -
AVG 7.5.0.516 2008.07.05 -
BitDefender 7.2 2008.07.05 -
CAT-QuickHeal 9.50 2008.07.04 -
ClamAV 0.93.1 2008.07.05 -
DrWeb 4.44.0.09170 2008.07.05 -
eSafe 7.0.17.0 2008.07.03 -
eTrust-Vet 31.6.5929 2008.07.05 -
Ewido 4.0 2008.07.05 -
F-Prot 4.4.4.56 2008.07.04 -
F-Secure 7.60.13501.0 2008.07.03 -
Fortinet 3.14.0.0 2008.07.05 -
GData 2.0.7306.1023 2008.07.05 -
Ikarus T3.1.1.26.0 2008.07.05 -
Kaspersky 7.0.0.125 2008.07.06 -
McAfee 5332 2008.07.04 -
Microsoft 1.3704 2008.07.06 -
NOD32v2 3244 2008.07.05 -
Norman 5.80.02 2008.07.04 -
Panda 9.0.0.4 2008.07.05 -
Prevx1 V2 2008.07.06 -
Rising 20.51.42.00 2008.07.04 -
Sophos 4.31.0 2008.07.05 -
Sunbelt 3.1.1509.1 2008.07.04 -
Symantec 10 2008.07.05 -
TheHacker 6.2.96.373 2008.07.05 -
TrendMicro 8.700.0.1004 2008.07.05 -
VBA32 3.12.6.8 2008.07.05 -
VirusBuster 4.5.11.0 2008.07.05 -
Webwasher-Gateway 6.6.2 2008.07.05 -
Additional information
File size: 209 bytes
MD5...: d1cdd592152cf6bac645c33267b8b3c7
SHA1..: af09001af6e7834eaf1a61b81f341fd685878eef
SHA256: 9d03d19a00db1fc48317a38b60b75b8f02b2ba353089122efada10e5ae149840
SHA512: 302e5559bafa66c9f63a0313fcfdc2c556e830624f006cfb5d5af2648a7397d6
a4b437dadb030b375de370cd9e0cfd90948c7d86dd5c0215552e939f34eaa8d8
PEiD..: -
PEInfo: -

keyop
  • 0

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please re-open Hijackthis and click on "Do a system scan only"
Then place a check mark next to these entries below:

O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuke...erInstaller.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E76C515F-5DC8-4407-809C-F9E40AEFB235}: NameServer = 85.255.114.104 85.255.112.92



Now click on Fix Checked and then close Hijackthis.
====================================================
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    hkey_local_machine\system\controlset001\services\zpmodemsysntdrvnt
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
==========================================
After that Please download FileFind from Atribune.
Unzip the file and save it to your desktop.

To run FileFind, please do the following:
  • Click on FileFind.exe
  • In the box labeled "Directory"
    • Enter Drive eg.. C:\
  • In the box labeled "File"
    • Paste these files in do each seperately document.scr and file.pif then click on Search
      to search for the file(s)
  • Now click on the "Search" button
  • Once the utility has found the files click on "Export"
  • A Notepad will open up. Please copy the entire contents of the Notepad and paste them here.
  • NOTE: The notepad is saved on your C:\ drive as "Export.txt"
================
Please post these logs:
New Dss log
OTMove it log
File Find log

  • 0

#7
keyop

keyop

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
New DSS log:

Deckard's System Scanner v20071014.68
Run by Spughilda on 2008-07-06 01:37:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Spughilda.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:37:20, on 06/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Spughilda\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\SPUGHI~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1010011
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Read By Natural Voice Reader - C:\Program Files\NaturalReaders\Natural Voice Reader Free\read.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Natural Reader - {0DF757C4-9999-463C-A4EB-B6BF1D8D8D3D} - C:\Program Files\NaturalReaders\Natural Voice Reader Free\read.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O24 - Desktop Component 0: (no name) - http://www.motorpsyc.../xwingzmk2b.jpg

--
End of file - 8018 bytes

-- Files created between 2008-06-06 and 2008-07-06 -----------------------------

2008-07-05 11:46:02 0 d-------- C:\Program Files\Panda Security
2008-07-04 22:38:04 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-04 22:37:40 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-04 22:37:40 0 d-------- C:\Documents and Settings\Spughilda\Application Data\SUPERAntiSpyware.com
2008-07-04 22:01:42 0 d-------- C:\Documents and Settings\Spughilda\Application Data\Malwarebytes
2008-07-04 22:01:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-04 22:01:24 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-04 22:00:39 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-03 20:05:19 0 dr-h----- C:\Documents and Settings\Spughilda\Recent
2008-06-29 16:40:00 0 d-------- C:\Program Files\Trend Micro
2008-06-24 00:29:45 0 d-------- C:\Documents and Settings\Spughilda\.housecall6.6
2008-06-22 01:29:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-22 01:28:21 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard


-- Find3M Report ---------------------------------------------------------------

2008-07-06 01:19:07 0 d-------- C:\Documents and Settings\Spughilda\Application Data\Skype
2008-07-04 22:00:39 0 d-------- C:\Program Files\Common Files
2008-06-22 01:30:35 0 d-------- C:\Program Files\Lavasoft
2008-06-22 01:30:31 0 d-------- C:\Documents and Settings\Spughilda\Application Data\Lavasoft
2008-06-22 00:51:57 0 d-------- C:\Documents and Settings\Spughilda\Application Data\Mozilla
2008-06-19 16:52:08 0 d-------- C:\Program Files\Click'N Design 3D (V5)
2008-05-18 15:08:13 24 --a------ C:\WINDOWS\system32\sysogg.dll
2008-05-16 13:14:05 209 --a------ C:\WINDOWS\mfont.dat
2008-05-07 09:52:10 0 d-------- C:\Documents and Settings\Spughilda\Application Data\uTorrent
2008-04-22 20:00:29 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-12 21:41:57 73 --a------ C:\WINDOWS\system32\ssprs.dll
2008-04-12 21:41:56 205 --a------ C:\WINDOWS\system32\lsprst7.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [20/08/2004 16:55]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [20/08/2004 16:51]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [19/11/2003 18:48]
"DadApp"="C:\Program Files\Dell\AccessDirect\dadapp.exe" [04/03/2004 12:36]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [04/03/2004 21:59]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [13/05/2004 20:23]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [14/05/2004 10:35]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [11/04/2004 21:15]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [11/04/2004 12:43]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [29/06/2007 06:24]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [13/08/2004 02:05]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [07/01/2004 02:01]
"DSLSTATEXE"="C:\Program Files\Voyager 105 ADSL Modem\dslstat.exe" [27/05/2004 12:07]
"DSLAGENTEXE"="C:\Program Files\Voyager 105 ADSL Modem\dslagent.exe" [27/05/2004 12:07]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [20/12/2004 19:41]
"PCLEUSBTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [23/04/2008 20:56]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [27/04/2008 16:38]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 06:00]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [18/12/2006 17:32]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/07/2008 18:07]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SWHelper"="C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1010011

C:\Documents and Settings\Spughilda\Start Menu\Programs\Startup\
DESKTOP.INI [10/08/2004 14:04:12]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 04:44:06]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [12/05/2006 14:33:22]
DESKTOP.INI [10/08/2004 14:04:12]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [03/08/2007 12:10:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/07/2008 18:07 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 05/07/2008 18:07 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-07-06 01:37:46 ------------


OTMove it

< hkey_local_machine\system\controlset001\services\zpmodemsysntdrvnt >
Registry key hkey_local_machine\system\controlset001\services\zpmodemsysntdrvnt\\ deleted successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07062008_012709


filefind didn't find those files, so there was no report :?
  • 0

#8
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
LocalFolders\Archive\hi\document.scr
Local Folders\Archive\Message could not be delivered\file.pif
The Panda scan Identified these 2 files above.
They appear to be in an e-mail archive.
Possibly in your Outlook Express saved Mail or maybe a backup.
See if they are there and delete them if you find them.
=====================================
Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
===============================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#9
keyop

keyop

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I can't find those two files manually...

here's the kaspersky log

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, July 6, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, July 05, 2008 19:24:44
Records in database: 916362
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 93100
Threat name: 2
Infected objects: 3
Suspicious objects: 1
Duration of the scan: 02:27:04


File name / Threat name / Threats count
C:\Documents and Settings\Spughilda\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Archive.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Spughilda\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Archive.dbx Infected: Email-Worm.Win32.Mydoom.l 3

The selected area was scanned.

thanks
K
  • 0

#10
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Do you currently use Outlook Express?
  • 0

#11
keyop

keyop

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hey, sorry was away yesterday...

The computer is used by a couple of different people and outlook is used by one of those people, yes.

K
  • 0

#12
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You will have to tell them to delete all the backups made by Outlook Express.
Or anything within their archived folders because of the below.

C:\Documents and Settings\Spughilda\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Archive.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Spughilda\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Archive.dbx Infected: Email-Worm.Win32.Mydoom.l 3


===================================
After doing the above


Cleanup::
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
===============
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

=============================
Delete\uninstall anything else that we have used.

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us
=====================================
After that your log is clean. :)

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy-Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard-Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

IE-SPYAD- puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Tony Klein article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP