Zlob related - cannot run any files .bat, .exe cmd etc.


#1 slipperx
Hi
I have now been over a week trying to get my computer to run properly. The bottom of this post contains the latest log file. I am using a Sony Vaio laptop with Windows XP SP2 which became infected with a variant of the zlob virus. I used Trend Micro PCCillin to remove the virus and have deleted the files relating to the virus together with the restore points affected as reported by Trend Micro. I am not sure which variant it was as I have deleted the information in trying to get the machine running. I am not sure why the virus got past PCCillin in the first place.

The issue is now that in a normal boot situation Windows loads but no programme will load, including Explorer. I cannot install anything, cannot access any of the management consoles or really do anything - each time I try I get an error saying I may not have permission to access the file. My login is as a computer administrator - I have rechecked that that has not changed and I managed to verify it from within normal Windows. I also found out that sometimes during the boot procedure, if I click immediately when the icons appear, I can open certain programmes, but a few seconds later the same programme will not open, giving the permissions error again.

I assumed that the infection had somehow changed the permissions on my system, so I booted into safe mode and ran Dial-a-fix reset permissions, reset registry associations etc., which completed OK saying only some components could not be found. I rebooted normally but the same symptoms existed. I figured that something must be loading during the boot process to refuse my access, but in managing to get into the computer management console one time during boot up I found that I am still listed in the Administrators group, and a new account I set up with administrator rights also exhibited the same symptoms. So I figured maybe something was loading and unloading into the registry to disguise itself when you boot into safe mode somehow. I removed the HKLM run and HKCU run keys from the registry together with all the startup programs in D&S/... Startup folder for All Users and my own profile and rebooted - same problem - no access allowed. I reinstated these back again and still cannot access any programmes, but now do not even seem to be able to get into anything during Windows startup anymore.

I can run Trend Micro in normal mode; for some reason this does not seem to be prevented from loading, but I am not sure why. I have run a scan with that several times and also using HouseCall, which does not produce any infections or problems. I cannot run the programmes listed in the 5 step process so am not sure what to do now. This all started from the zlob infection which came packaged in a bad video codec.

Please help if you can and thanks for your time reading this.
Ian



I have Bart disk so have been able to restore the system to a previous point long before the virus infected the machine but that did not solve things.

*** Since posting this message and the following logs I managed eventually (very eventually) to get ComboFix to run and here is the logfile - immediately after running ComboFix the programs on the computer are accessible, but after shutting down and restarting the computer the programs are again unavailable. Nothing will run - I cannot view text files, cannot access control panel items, cannot run cmd, cannot open any .bat, .exe and so on. The computer is unusable - any time any of the above programs are attempted to be opened I get a 'You may not have the appropriate permissions...' warning. I have again run repair permissions and repair associations from Dial a Fix in safe mode but to no avail. The first time after running these programs the icons take a very long time to appear on reboot - looks like maybe the virus hijacks the computer at startup and disables everything from running. For some reason about 1 time in 10 you can very quickly double click an icon immediately it appears and get it to run, but the other 9 times it doesn't matter how quick you are, it just locks me out.
P.S. Tried to install Recovery Console but cannot because virus refuses access - Anyway have Bart PE disk so can use that for most repair things. Log:
ComboFix 08-07-09.4 - Ian 2008-07-10 6:41:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.477 [GMT -4:00]
Running from: C:\Documents and Settings\Ian\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\setup.exe
C:\WINDOWS\system32\oeminfo.ini

.
((((((((((((((((((((((((( Files Created from 2008-06-10 to 2008-07-10 )))))))))))))))))))))))))))))))
.

2008-07-10 03:27 . 2008-07-10 03:27 <DIR> d-------- C:\WINDOWS\system32\788877
2008-07-09 21:15 . 2008-07-10 03:27 <DIR> d-------- C:\WINDOWS\SQLTools9_KB948109_ENU
2008-07-09 21:11 . 2008-07-10 03:27 <DIR> d-------- C:\WINDOWS\SQL9_KB948109_ENU
2008-07-09 11:59 . 2008-07-09 11:59 <DIR> d-------- C:\Documents and Settings\Ian\Application Data\Malwarebytes
2008-07-09 11:59 . 2008-07-09 11:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-09 11:58 . 2008-07-10 03:27 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-09 10:24 . 2008-07-10 03:55 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-09 10:24 . 2008-07-09 10:24 <DIR> d-------- C:\Documents and Settings\Ian\Application Data\SUPERAntiSpyware.com
2008-07-09 10:18 . 2008-07-10 06:13 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-09 05:47 . 2008-07-09 05:47 <DIR> d-------- C:\Deckard
2008-07-07 07:07 . 2008-07-09 21:08 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-07-07 06:42 . 2008-07-10 02:25 3,153,920 --a------ C:\WINDOWS\sectest.db
2008-07-06 19:52 . 2008-07-06 19:52 <DIR> d-------- C:\WINDOWS\Recent
2008-07-06 19:52 . 2008-07-06 19:52 <DIR> d-------- C:\WINDOWS\Cookies
2008-07-05 00:56 . 2008-07-10 06:09 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-07-04 07:31 . 2004-08-14 01:06 <DIR> d-------- C:\Documents and Settings\Test\Application Data\Symantec
2008-07-04 07:31 . 2008-07-07 09:04 <DIR> d-------- C:\Documents and Settings\Test\Application Data\Sony Corporation
2008-07-04 07:31 . 2008-07-06 19:52 <DIR> d-------- C:\Documents and Settings\Test
2008-07-04 07:30 . 2004-08-14 01:06 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Symantec
2008-07-04 07:30 . 2004-08-14 00:50 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Sony Corporation
2008-07-04 07:30 . 2008-07-06 19:52 <DIR> d-------- C:\Documents and Settings\Guest
2008-06-30 04:30 . 2008-07-08 05:47 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-06-30 01:46 . 2008-06-30 01:46 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-30 01:26 . 2008-06-30 01:26 3,153,920 --a------ C:\secsetup.sdb
2008-06-30 01:22 . 2008-06-30 01:17 379,392 --a------ C:\subinacl.msi
2008-06-30 01:15 . 2008-06-29 21:08 528 --a------ C:\reset.cmd
2008-06-29 10:38 . 2008-06-29 10:38 <DIR> d-------- C:\WINDOWS\system32\HouseCall 6.6
2008-06-29 10:38 . 2008-07-10 03:46 <DIR> d-------- C:\Documents and Settings\Ian\Application Data\HouseCall 6.6
2008-06-29 09:55 . 2008-06-29 09:55 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-06-11 05:33 . 2008-06-13 09:10 272,128 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-10 10:13 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-10 07:45 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-07-10 01:16 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-27 16:01 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-27 15:58 --------- d-----w C:\Documents and Settings\Ian\Application Data\AdobeUM
2008-05-14 02:09 --------- d-----w C:\Program Files\HandicapMaster7
2008-05-14 02:09 --------- d-----w C:\Documents and Settings\Ian\Application Data\HandicapMaster7
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-09-17 02:12 2,994 ----a-w C:\Documents and Settings\Ian\Application Data\SAS7_000.DAT
2006-06-28 10:14 1,508 ----a-w C:\Documents and Settings\Ian\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 17:42 401491]
"E06AXLRD_6516159"="C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" [2005-06-03 13:30 301776]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"OE"="C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe" [2006-09-26 23:37 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-07 21:21 114688]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-26 00:00 335872]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2004-06-30 00:45 180224]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [2004-06-29 17:49 122880]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2004-08-03 19:56 294912]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-01-17 06:36 135168]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 01:08 28672]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-06-30 21:56 188416]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-06-30 22:00 65536]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 16:00 155648]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15 81920]
"CnxDslTaskBar"="C:\Program Files\Conexant\ADSL\AccessRunner ADSL\CnxDslTb.exe" [2004-04-27 13:00 466944]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 08:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 08:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 08:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 08:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 08:00 455168]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2006-09-29 22:02 3112960]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" [2007-03-06 06:11 3364616]
"AirCardEnabler"="C:\Program Files\Sierra Wireless\Network Adapter Manager\Network Adapter Manager.exe" [2006-10-26 09:37 180224]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 08:00 110592 C:\WINDOWS\system32\bthprops.cpl]

C:\Documents and Settings\Ian\Start Menu\Programs\Startup\
Check for TWS Updates.lnk - C:\Jts\WiseUpdt.exe [2006-08-10 03:21:05 194775]
Dragon NaturallySpeaking.lnk - C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe [2006-12-11 17:20:40 2332264]
VirtualExpander.lnk - C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe [2008-05-13 21:20:46 474808]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Belkin Wireless Networking Utility.lnk - C:\Program Files\Belkin\F5D8011v2\Belkinwcui.exe [2007-06-01 09:31:40 1576960]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-10-12 23:00:30 1048576]
eFax DllCmd 4.0.lnk - C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe [2005-12-19 11:22:07 107008]
eFax Tray Menu 4.0.lnk - C:\Program Files\eFax Messenger 4.0\J2GTray.exe [2005-12-19 11:22:08 500224]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-04 16:04:48 176128]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 15:12:08 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll
"MSACM.CEGSM"= mobilev.acm
"msacm.enc"= ITIG726.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\CyberTrader\\CyberTraderPro.exe"=
"C:\\Program Files\\eSignal\\winros.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Tee2Green\\SureAnalysis\\SureAnalysis.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 sbp2port;SBP-2 Transport/Protocol Bus Driver;C:\WINDOWS\system32\DRIVERS\sbp2port.sys [2004-08-03 23:59]
R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\system32\DRIVERS\DcCam.sys [2005-06-16 15:41]
R1 DMICall;Sony DMI Call service;C:\WINDOWS\system32\DRIVERS\DMICall.sys [2000-12-05 19:18]
R1 tmtdi;Trend Micro TDI Driver;C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2006-09-14 21:28]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service;C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2005-01-27 03:28]
R2 BthServ;Bluetooth Support Service;C:\WINDOWS\system32\svchost.exe [2004-08-04 08:00]
R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\system32\drivers\dcfs2k.sys [2005-03-31 08:47]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service;C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-07-02 21:42]
R2 s24trans;WLAN Transport;C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-07-02 23:16]
R2 SQLBrowser;SQL Server Browser;c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 05:29]
R2 SQLWriter;SQL Server VSS Writer;c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 05:29]
R2 SwiWiFiComm;SwiWiFiComm;C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe [2006-10-26 09:38]
R2 tmmbd;Trend Micro MBD Driver;C:\WINDOWS\system32\DRIVERS\tm_mbd_c.sys [2006-09-14 21:28]
R2 Tmpreflt;Tmpreflt;C:\WINDOWS\system32\drivers\Tmpreflt.sys [2008-05-02 16:21]
R2 tmxpflt;tmxpflt;C:\WINDOWS\system32\drivers\TmXPFlt.sys [2008-05-02 16:22]
R2 Vsapint;Vsapint;C:\WINDOWS\system32\drivers\VsapiNT.sys [2008-05-02 16:17]
R3 aeaudio;aeaudio;C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-13 21:34]
R3 ApfiltrService;Alps Pointing-device Filter Driver;C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2003-09-29 17:31]
R3 apusbsnt;Sierra Wireless USB Modem Device Driver;C:\WINDOWS\system32\DRIVERS\apusbsnt.sys [2003-12-09 15:52]
R3 E100B;Intel® PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys [2003-09-17 15:44]
R3 HSFHWICH;HSFHWICH;C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2003-10-14 20:08]
R3 smwdm;smwdm;C:\WINDOWS\system32\drivers\smwdm.sys [2003-03-17 13:46]
R3 SNC;Sony Notebook Control Device;C:\WINDOWS\system32\Drivers\SonyNC.sys [2000-11-09 23:15]
R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2002-08-20 15:59]
R3 tifmsony;tifmsony;C:\WINDOWS\system32\drivers\tifmsony.sys [2004-05-21 16:46]
R3 tmcfw;Trend Micro Common Firewall Service;C:\WINDOWS\system32\DRIVERS\TM_CFW.sys [2006-08-24 22:58]
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP;C:\WINDOWS\system32\DRIVERS\w29n51.sys [2006-06-29 19:49]
S1 Exportit;Exportit;C:\WINDOWS\system32\DRIVERS\exportit.sys [2005-03-31 09:00]
S2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS);c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2007-02-10 05:29]
S2 MSSQL$VPINSTANCE;SQL Server (VPINSTANCE);c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 05:29]
S2 PcCtlCom;Trend Micro Central Control Component;C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe [2006-09-29 21:34]
S2 Tmntsrv;Trend Micro Real-time Service;C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe [2006-09-29 21:38]
S2 TmPfw;Trend Micro Personal Firewall;C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe [2006-09-14 21:31]
S2 tmproxy;Trend Micro Proxy Service;C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe [2006-09-14 21:34]
S3 Airgo;Belkin Wireless Pre-N Notebook Network Driver;C:\WINDOWS\system32\DRIVERS\wnihdd51.sys [2004-10-25 04:10]
S3 AWINDIS5;AWINDIS5 Protocol Driver;C:\WINDOWS\system32\AWINDIS5.SYS [2002-04-11 20:43]
S3 BthEnum;Bluetooth Request Block Driver;C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-04 02:10]
S3 BthPan;Bluetooth Device (Personal Area Network);C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-04 01:58]
S3 BTHPORT;Bluetooth Port Driver;C:\WINDOWS\system32\Drivers\BTHport.sys [2008-06-13 09:10]
S3 BTHUSB;Bluetooth Radio USB Driver;C:\WINDOWS\system32\Drivers\BTHUSB.sys [2004-08-04 02:10]
S3 CnxEtP;AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2003-09-12 10:26]
S3 CnxEtU;AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2003-09-12 10:26]
S3 CnxTgN;AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2003-10-29 15:02]
S3 DcFpoint;DcFpoint;C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2005-03-31 08:47]
S3 DcLps;Legacy Polling Service;C:\WINDOWS\system32\DRIVERS\DcLps.sys [2005-03-31 08:47]
S3 DcPTP;dcptp;C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2005-03-31 08:47]
S3 grmnusb;grmnusb;C:\WINDOWS\system32\drivers\grmnusb.sys [2005-11-07 17:17]
S3 LEX_AS_NIC_SERVICE_YNOS;LAN-Express AS IEEE 802.11g Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\ExpasAG.sys [2004-07-07 18:12]
S3 MSCSPTISRV;MSCSPTISRV;C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-04-27 17:35]
S3 NdisIP;Microsoft TV/Video Connection;C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 12:10]
S3 NETMW145;Belkin N1 Wireless Notebook Card Service for Windows XP;C:\WINDOWS\system32\DRIVERS\NETMW145.sys [2006-08-16 14:43]
S3 PACSPTISVR;PACSPTISVR;C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-04-27 17:27]
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2002-12-10 06:53]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI);C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-04 02:10]
S3 slabbus;sureshotgps USB Device driver (WDM);C:\WINDOWS\system32\DRIVERS\slabbus.sys [2006-03-07 20:28]
S3 slabser;sureshotgps USB-UART Drivers;C:\WINDOWS\system32\DRIVERS\slabser.sys [2006-03-07 20:28]
S3 SLIP;BDA Slip De-Framer;C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 12:10]
S3 SPTISRV;Sony SPTI Service;C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-04-27 17:16]
S3 SSScsiSV;SonicStage SCSI Service;C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2006-05-08 04:24]
S3 TVICHW32;TVICHW32;C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [2006-08-08 11:26]
S3 w22n51;Intel® PRO/Wireless 2200 Adapter Driver;C:\WINDOWS\system32\DRIVERS\w22n51.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2003-12-22 13:28]
S3 WNIPROT5;WNIPROT5 Protocol Driver;C:\WINDOWS\System32\WNIPROT5.SYS []
S4 MSSQLServerADHelper;SQL Server Active Directory Helper;c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 04:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da713c10-a451-11da-8435-0011502a3b0a}]
\Shell\AutoRun\command - D:\setupSNK.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-28 00:14:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-08-22 11:40:09 C:\WINDOWS\Tasks\Registration reminder 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
- - - - ORPHANS REMOVED - - - -

ShellIconOverlayIdentifiers-{E4000AC4-5E5F-4956-807A-C5854405D64F} - %SystemRoot%\system32\VirtualExpander\VEShellExt.dll
HKLM-Run-Mouse Suite 98 Daemon - ICO.EXE


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 06:43:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
Completion time: 2008-07-10 6:51:29
ComboFix-quarantined-files.txt 2008-07-10 10:51:26

Pre-Run: 10,613,420,032 bytes free
Post-Run: 10,578,808,832 bytes free

234 --- E O F --- 2008-06-21 07:08:56

Edited by slipperx, 11 July 2008 - 08:13 AM.


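An added example, not part of slipperx's post and not ComboFix's or Trend Micro's own code: a small Python triage script that parses the 'Reg Loading Points' section of a ComboFix log like the one above into its registry keys and values, lists the Run entries with the image path each one launches, and collects the configuration items a helper would want to check by hand (firewall state, globally open ports, Security Center monitoring overrides, AutoRun commands recorded under MountPoints2, and Run values that are a bare filename rather than a full path). The sample input is copied from the log in this post; every function, class and field name is my own and is not something ComboFix provides.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: an excerpt of the "Reg Loading Points" section of the
# ComboFix log posted in this thread, trimmed to the lines this example needs.
SAMPLE_REG_SECTION = r'''
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-07 21:21 114688]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-01-17 06:36 135168]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 08:00 110592 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da713c10-a451-11da-8435-0011502a3b0a}]
\Shell\AutoRun\command - D:\setupSNK.exe
'''

SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
# ComboFix prints a Run value as "image" [date time size] and, when the image is
# a bare filename, appends the path it resolved the name to inside the brackets.
RUN_VALUE_RE = re.compile(r'^"(?P<image>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
DRIVE_PATH_RE = re.compile(r'^[A-Za-z]:\\')


@dataclass
class RegSection:
    key: str
    values: Dict[str, str] = field(default_factory=dict)   # "name"=value lines
    raw_lines: List[str] = field(default_factory=list)      # anything else under the key


@dataclass
class RunEntry:
    key: str
    name: str
    image: str
    resolved: Optional[str]   # path ComboFix resolved a bare name to, when shown
    kind: str                 # "full_path" or "bare_filename"


def parse_reg_loading_points(text: str) -> List[RegSection]:
    """Split the REGEDIT4-style dump into [key] blocks with their values."""
    sections: List[RegSection] = []
    current: Optional[RegSection] = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "REGEDIT4":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = RegSection(m.group("key"))
            sections.append(current)
            continue
        if current is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            current.values[m.group("name")] = m.group("value").strip()
        else:
            current.raw_lines.append(line)   # e.g. the MountPoints2 AutoRun line
    return sections


def run_entries(sections: List[RegSection]) -> List[RunEntry]:
    """Collect the CurrentVersion\\Run values and classify each image path."""
    out: List[RunEntry] = []
    for s in sections:
        if not s.key.lower().endswith(r"\currentversion\run"):
            continue
        for name, value in s.values.items():
            m = RUN_VALUE_RE.match(value)
            if not m:
                continue
            image = m.group("image")
            meta = m.group("meta").split(None, 3)   # date, time, size, [resolved path]
            resolved = meta[3] if len(meta) > 3 else None
            kind = "full_path" if DRIVE_PATH_RE.match(image) else "bare_filename"
            out.append(RunEntry(s.key, name, image, resolved, kind))
    return out


def findings(sections: List[RegSection]) -> List[str]:
    """Items to confirm by hand; these are observations, not malware verdicts."""
    found: List[str] = []
    for s in sections:
        k = s.key.lower()
        if k.endswith("security center") and s.values.get("FirewallOverride") == "dword:00000001":
            found.append("Security Center firewall alerting overridden (FirewallOverride=1)")
        if "security center\\monitoring\\" in k and s.values.get("DisableMonitoring") == "dword:00000001":
            found.append("Security Center monitoring disabled for " + s.key.rsplit("\\", 1)[-1])
        if k.endswith("firewallpolicy\\standardprofile") and s.values.get("EnableFirewall", "").startswith("0"):
            found.append("Windows Firewall off for the standard profile (EnableFirewall=0)")
        if k.endswith("globallyopenports\\list"):
            for port in s.values:
                found.append("Firewall port globally open: " + port)
        if "\\mountpoints2\\" in k:
            for line in s.raw_lines:
                if "autorun" in line.lower():
                    found.append("AutoRun command recorded for a volume: " + line)
    for e in run_entries(sections):
        if e.kind == "bare_filename":   # located by PATH search at logon, so worth confirming
            found.append("Run value '%s' is the bare name %s (ComboFix resolved it to %s)"
                         % (e.name, e.image, e.resolved))
    return found


if __name__ == "__main__":
    for item in findings(parse_reg_loading_points(SAMPLE_REG_SECTION)):
        print("-", item)
```

Run it on the full section of a ComboFix log and the output is a checklist, not a detection: a DisableMonitoring value under Monitoring\<Product> is how a third-party suite such as the Trend Micro one in this log takes over Security Center reporting, and a MountPoints2 AutoRun entry is recorded for any volume that carried an autorun.inf. The items worth confirming were intentional here are EnableFirewall=0 on the standard profile and the globally open 3389:TCP (Remote Desktop) port, since both widen the machine's exposure while it is being cleaned.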

#2 slipperx
Since last edit managed to get Malwarebytes scan to run - found 11 zlob infections in url links. I removed and deleted them. Now scanning a second time, then will reboot and repair file associations again and reboot normally and will advise what happened. Thanks for reading and hope this log helps someone else.

Since last edit managed to get a DSS scan done and log is posted below the Hijack This log below thanks.

Since posting this I have noticed that if I reboot into normal mode having been in normal mode the previous session, the computer takes a long time to display the desktop icons and it doesn't matter how quick you are, it is impossible to start anything. If I go into safe mode and run Dial-a-fix repair permissions and then reboot into normal mode, the icons appear much quicker and it is just possible to get in quick enough to run a programme. Therefore I am now trying to get the Anti-spy software installed and will add the logs below here as soon as I manage to get that done. Thanks.

Managed to get a Hijack This log during startup after multiple attempts - nothing else can be opened after about 10 seconds into Windows startup so have to get in quick!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:14:46 AM, on 7/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Conexant\ADSL\AccessRunner ADSL\CnxDslTb.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Sierra Wireless\Network Adapter Manager\Network Adapter Manager.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Sierra Wireless\AirCard 580\Generic\Watcher.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Belkin\F5D8011v2\Belkinwcui.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
C:\Program Files\eFax Messenger 4.0\J2GTray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Belkin\F5D8011v2\chkdev.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.phuket-estate.com/mail
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\IAN\Application Data\Mozilla\Profiles\default\jgn7x4ly.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Conexant\ADSL\AccessRunner ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [AirCardEnabler] "C:\Program Files\Sierra Wireless\Network Adapter Manager\Network Adapter Manager.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [E06AXLRD_6516159] "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: eFax DllCmd 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GTray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {56E4B9EB-4C79-4568-A19E-72794FA70060} (PatsShellOCX Control) - http://mtradeprouk.m...les6_1/pats.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132953381388
O16 - DPF: {7CEEAB76-D59E-11D3-8394-00C04F7BDF10} (Application Class) - https://www.tradesta...ugIn/tsTemp.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SwiWiFiComm - Unknown owner - C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

--
End of file - 13686 bytes

Deckard's System Scanner v20071014.68
Run by Ian on 2008-07-09 07:55:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Ian.exe) -------------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-09 07:58:26
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Ian\Desktop\dss.exe
C:\Program Files\Trend Micro\HijackThis\Ian.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\HotKey Utility\HKServ.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CONEXANT\ADSL\AccessRunner ADSL\CnxDslTb.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\Sierra Wireless\Network Adapter Manager\Network Adapter Manager.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Sierra Wireless\AirCard 580\Generic\watcher.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Belkin\F5D8011v2\Belkinwcui.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
C:\Program Files\eFax Messenger 4.0\J2GTray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
C:\Program Files\Belkin\F5D8011v2\ChkDev.exe
C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Trend Micro\Internet Security 2007\PcCtlCom.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe
C:\Program Files\Trend Micro\Internet Security 2007\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security 2007\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security 2007\tmproxy.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.phuket-estate.com/mail
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Conexant\ADSL\AccessRunner ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [AirCardEnabler] "C:\Program Files\Sierra Wireless\Network Adapter Manager\Network Adapter Manager.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [E06AXLRD_6516159] "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: eFax DllCmd 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GTray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ntent/opuc3.cab
O16 - DPF: {56E4B9EB-4C79-4568-A19E-72794FA70060} (PatsShellOCX Control) - http://mtradeprouk.m...les6_1/pats.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132953381388
O16 - DPF: {7CEEAB76-D59E-11D3-8394-00C04F7BDF10} (Application Class) - https://www.tradesta...ugIn/tsTemp.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\AATP.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\PcScnSrv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SwiWiFiComm - Unknown owner - C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\tmproxy.exe


--
End of file - 14830 bytes

-- Files created between 2008-06-09 and 2008-07-09 -----------------------------

2008-07-08 02:00:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-07-07 07:07:07 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-07-06 19:52:34 0 d-------- C:\WINDOWS\Prefetch
2008-07-06 19:52:33 0 d-------- C:\WINDOWS\Cookies
2008-07-06 19:52:33 0 d--hs---- C:\Documents and Settings\Test\Cookies
2008-07-06 19:52:33 0 d-------- C:\Documents and Settings\NetworkService\Cookies
2008-07-06 19:52:33 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-07-06 19:52:33 0 d--hs---- C:\Documents and Settings\Ian\Cookies
2008-07-06 19:52:30 0 d-------- C:\Documents and Settings\Guest\Cookies
2008-07-06 19:52:30 0 d-------- C:\Documents and Settings\Default User\Cookies
2008-07-06 19:52:30 0 d-------- C:\Documents and Settings\All Users\Cookies
2008-07-06 19:52:30 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-06 19:52:11 0 d-------- C:\WINDOWS\Recent
2008-07-06 19:52:11 0 d-------- C:\Documents and Settings\NetworkService\Recent
2008-07-06 19:52:11 0 d-------- C:\Documents and Settings\LocalService\Recent
2008-07-06 19:52:09 0 d-------- C:\Documents and Settings\All Users\Recent
2008-07-05 00:56:59 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-07-04 07:31:32 0 dr------- C:\Documents and Settings\Test\My Documents
2008-07-04 07:31:32 0 d--h----- C:\Documents and Settings\Test\Local Settings
2008-07-04 07:31:32 0 dr------- C:\Documents and Settings\Test\Favorites
2008-07-04 07:31:32 0 d-------- C:\Documents and Settings\Test\Desktop
2008-07-04 07:31:32 0 dr-h----- C:\Documents and Settings\Test\Application Data
2008-07-04 07:31:32 0 d-------- C:\Documents and Settings\Test\Application Data\Symantec
2008-07-04 07:31:32 0 d-------- C:\Documents and Settings\Test\Application Data\Sun
2008-07-04 07:31:32 0 d-------- C:\Documents and Settings\Test\Application Data\Sony Corporation
2008-07-04 07:31:32 0 d-------- C:\Documents and Settings\Test\Application Data\Mozilla
2008-07-04 07:31:32 0 d---s---- C:\Documents and Settings\Test\Application Data\Microsoft
2008-07-04 07:31:32 0 d-------- C:\Documents and Settings\Test\Application Data\Identities
2008-07-04 07:31:31 0 d--h----- C:\Documents and Settings\Test\Templates
2008-07-04 07:31:31 0 dr------- C:\Documents and Settings\Test\Start Menu
2008-07-04 07:31:31 0 dr-h----- C:\Documents and Settings\Test\SendTo
2008-07-04 07:31:31 0 dr-h----- C:\Documents and Settings\Test\Recent
2008-07-04 07:31:31 0 d--h----- C:\Documents and Settings\Test\PrintHood
2008-07-04 07:31:31 1310720 --ah----- C:\Documents and Settings\Test\NTUSER.DAT
2008-07-04 07:31:31 0 d--h----- C:\Documents and Settings\Test\NetHood
2008-07-04 07:30:09 0 d-------- C:\Documents and Settings\Guest\Desktop
2008-07-04 07:30:09 0 dr-h----- C:\Documents and Settings\Guest\Application Data
2008-07-04 07:30:09 0 d-------- C:\Documents and Settings\Guest\Application Data\Symantec
2008-07-04 07:30:09 0 d-------- C:\Documents and Settings\Guest\Application Data\Sun
2008-07-04 07:30:09 0 d-------- C:\Documents and Settings\Guest\Application Data\Sony Corporation
2008-07-04 07:30:09 0 d-------- C:\Documents and Settings\Guest\Application Data\Mozilla
2008-07-04 07:30:09 0 d---s---- C:\Documents and Settings\Guest\Application Data\Microsoft
2008-07-04 07:30:09 0 d-------- C:\Documents and Settings\Guest\Application Data\Identities
2008-07-04 07:30:08 0 d--h----- C:\Documents and Settings\Guest\Templates
2008-07-04 07:30:08 0 dr------- C:\Documents and Settings\Guest\Start Menu
2008-07-04 07:30:08 0 dr-h----- C:\Documents and Settings\Guest\SendTo
2008-07-04 07:30:08 0 dr-h----- C:\Documents and Settings\Guest\Recent
2008-07-04 07:30:08 0 d--h----- C:\Documents and Settings\Guest\PrintHood
2008-07-04 07:30:08 0 d--h----- C:\Documents and Settings\Guest\NetHood
2008-07-04 07:30:08 0 dr------- C:\Documents and Settings\Guest\My Documents
2008-07-04 07:30:08 0 d--h----- C:\Documents and Settings\Guest\Local Settings
2008-07-04 07:30:08 0 dr------- C:\Documents and Settings\Guest\Favorites
2008-07-04 07:30:07 1048576 --ah----- C:\Documents and Settings\Guest\NTUSER.DAT
2008-06-30 04:30:28 0 d-------- C:\WINDOWS\system32\NtmsData
2008-06-30 01:46:33 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-30 01:15:55 528 --a------ C:\reset.cmd
2008-06-29 10:38:52 0 d-------- C:\Documents and Settings\Ian\Application Data\HouseCall 6.6
2008-06-29 10:38:46 0 d-------- C:\WINDOWS\system32\HouseCall 6.6
2008-06-29 09:55:57 0 d-------- C:\Program Files\Enigma Software Group
2008-06-28 08:39:39 0 d-------- C:\WINDOWS\system32\788877
2008-06-22 03:28:52 6553600 --a------ C:\Documents and Settings\Ian\ntuser.dat
2008-06-22 03:28:51 237568 --a------ C:\Documents and Settings\LocalService\ntuser.dat


-- Find3M Report ---------------------------------------------------------------

2008-07-09 04:49:36 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-27 12:01:28 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-27 11:58:43 0 d-------- C:\Documents and Settings\Ian\Application Data\AdobeUM
2008-05-13 22:09:31 0 d-------- C:\Documents and Settings\Ian\Application Data\HandicapMaster7
2008-05-13 22:09:14 0 d-------- C:\Program Files\HandicapMaster7


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [11/07/2003 09:21 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/26/2004 12:00 AM]
"Mouse Suite 98 Daemon"="ICO.EXE" []
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [06/30/2004 12:45 AM]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [06/29/2004 05:49 PM]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [08/03/2004 07:56 PM]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [01/17/2004 06:36 AM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 08:00 AM C:\WINDOWS\system32\bthprops.cpl]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [04/20/2003 01:08 AM]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [06/30/2003 09:56 PM]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [06/30/2003 10:00 PM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [09/29/2003 04:00 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [02/16/2005 04:15 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [02/16/2005 04:15 PM]
"CnxDslTaskBar"="C:\Program Files\Conexant\ADSL\AccessRunner ADSL\CnxDslTb.exe" [04/27/2004 01:00 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 08:00 AM]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [08/04/2004 08:00 AM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/04/2004 08:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 08:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 08:00 AM]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [09/29/2006 10:02 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 07:58 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 10:36 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [03/06/2007 06:11 AM]
"AirCardEnabler"="C:\Program Files\Sierra Wireless\Network Adapter Manager\Network Adapter Manager.exe" [10/26/2006 09:37 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [02/03/2004 05:42 PM]
"E06AXLRD_6516159"="C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.exe" [06/03/2005 01:30 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"OE"="C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe" [09/26/2006 11:37 PM]

C:\Documents and Settings\Ian\Start Menu\Programs\Startup\
Check for TWS Updates.lnk - C:\Jts\WiseUpdt.exe [8/10/2006 3:21:05 AM]
Dragon NaturallySpeaking.lnk - C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe [12/11/2006 5:20:40 PM]
VirtualExpander.lnk - C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe [5/13/2008 9:20:46 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]
Belkin Wireless Networking Utility.lnk - C:\Program Files\Belkin\F5D8011v2\Belkinwcui.exe [6/1/2007 9:31:40 AM]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [10/12/2005 11:00:30 PM]
eFax DllCmd 4.0.lnk - C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe [12/19/2005 11:22:07 AM]
eFax Tray Menu 4.0.lnk - C:\Program Files\eFax Messenger 4.0\J2GTray.exe [12/19/2005 11:22:08 AM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [11/4/2005 4:04:48 PM]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2/13/2004 3:12:08 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da713c10-a451-11da-8435-0011502a3b0a}]
AutoRun\command- D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2231811-c73f-11db-84c8-000e35fd631e}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs




-- End of Deckard's System Scanner: finished at 2008-07-09 07:59:39 ------------

Edited by slipperx, 09 July 2008 - 11:27 AM.


#3
kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Hello slipperx

Welcome to G2Go. :)
=====================
Can you post a fresh dss log and let me know of the remaining problems?

#4
slipperx (Topic Starter, Member, 21 posts)
Hi
Thanks for the response. I am having a terrible time getting dss.exe to run. I have rebooted the computer numerous times already, restored using safe mode and also tried rebuilding the permissions and resetting the file associations again, but whatever I do I cannot run any programs at all and cannot seem to get dss.exe to run before Windows is hijacked. All I get is an error saying 'Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access this item.' I am logging in as administrator and I can run anything from the Administrator or my user account I use for normal log in if I go into safe mode, but running dss.exe from safe mode isn't going to help you, is it?

Any other ideas?

#5
kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Yes it will still do what it is supposed to.
Go ahead and do it from safe mode.
  • 0

#6
slipperx

slipperx

    Member

  • Topic Starter
  • Member
  • 21 posts
Hi again and thanks so much for your time in helping me - it's truly appreciated!!

Here is Main.txt

Deckard's System Scanner v20071014.68
Run by Ian on 2008-07-13 08:26:15
Computer is in Safe Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; computer is in safe mode.


-- Last 5 Restore Point(s) --
59: 2008-06-27 10:50:15 UTC - RP568 - System Checkpoint
58: 2008-06-26 09:50:18 UTC - RP567 - System Checkpoint
57: 2008-06-25 09:18:24 UTC - RP566 - System Checkpoint
56: 2008-06-24 08:50:23 UTC - RP565 - System Checkpoint
55: 2008-06-23 08:16:33 UTC - RP564 - System Checkpoint


-- First Restore Point --
1: 2008-04-15 05:59:09 UTC - RP510 - Installed Java™ 6 Update 5


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Ian.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:05 AM, on 7/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Ian\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ian.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.phuket-estate.com/mail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\IAN\Application Data\Mozilla\Profiles\default\jgn7x4ly.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Conexant\ADSL\AccessRunner ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [AirCardEnabler] "C:\Program Files\Sierra Wireless\Network Adapter Manager\Network Adapter Manager.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [E06AXLRD_6516159] "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: eFax DllCmd 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GTray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {56E4B9EB-4C79-4568-A19E-72794FA70060} (PatsShellOCX Control) - http://mtradeprouk.m...les6_1/pats.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132953381388
O16 - DPF: {7CEEAB76-D59E-11D3-8394-00C04F7BDF10} (Application Class) - https://www.tradesta...ugIn/tsTemp.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SwiWiFiComm - Unknown owner - C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

--
End of file - 11430 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070810-123806-247 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"
.pif - unable to read key
.reg - unable to read key
.reg - unable to read key
.reg - unable to read key
.scr - AutoCADLTScriptFile - shell\open\command - "C:\WINDOWS\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys

S1 tmtdi (Trend Micro TDI Driver) - c:\windows\system32\drivers\tmtdi.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 3.0>
S2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.5.3.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0>
S2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
S2 tmmbd (Trend Micro MBD Driver) - c:\windows\system32\drivers\tm_mbd_c.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 3.0>
S3 AWINDIS5 (AWINDIS5 Protocol Driver) - c:\windows\system32\awindis5.sys <Not Verified; AMBIT Microsystems Corporation.; AMBIT WinDis32 Protocol Driver for Windows>
S3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 BTNetFilter (Bluetooth Network Filter) - c:\windows\system32\drivers\btnetfilter.sys
S3 catchme - c:\combofix\catchme.sys (file missing)
S3 CnxEtP (AccessRunner USB ADSL WAN Adapter Filter Driver) - c:\windows\system32\drivers\cnxetp.sys <Not Verified; Conexant; Conexant USB ADSL Modem>
S3 CnxEtU (AccessRunner USB ADSL Interface Device Driver) - c:\windows\system32\drivers\cnxetu.sys <Not Verified; Conexant; Conexant USB ADSL Modem>
S3 CnxTgN (AccessRunner USB ADSL WAN Adapter Driver) - c:\windows\system32\drivers\cnxtgn.sys <Not Verified; Conexant Systems Inc.; Conexant AccessRunner ADSL>
S3 grmnusb - c:\windows\system32\drivers\grmnusb.sys <Not Verified; GARMIN Corp.; Garmin USB GPS>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 w22n51 (Intel® PRO/Wireless 2200 Adapter Driver) - c:\windows\system32\drivers\w22n51.sys (file missing)
S3 WNIPROT5 (WNIPROT5 Protocol Driver) - c:\windows\system32\wniprot5.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
S2 PcCtlCom (Trend Micro Central Control Component) - c:\progra~1\trendm~1\intern~2\pcctlcom.exe <Not Verified; Trend Micro Inc.; Trend Micro Internet Security>
S2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
S2 SwiWiFiComm - c:\program files\sierra wireless\aircard 580\generic\components\swiwificomm.exe
S2 Tmntsrv (Trend Micro Real-time Service) - c:\progra~1\trendm~1\intern~2\tmntsrv.exe <Not Verified; Trend Micro Inc.; Trend Micro Internet Security>
S2 TmPfw (Trend Micro Personal Firewall) - c:\progra~1\trendm~1\intern~2\tmpfw.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 3.0>
S2 tmproxy (Trend Micro Proxy Service) - c:\progra~1\trendm~1\intern~2\tmproxy.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 3.0>
S3 PcScnSrv (Trend Micro Protection Against Spyware ) - "c:\progra~1\trendm~1\intern~2\pcscnsrv.exe" <Not Verified; Trend Micro Inc.; Trend Micro Internet Security>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth Fax Modem
Device ID: ROOT\MODEM\0000
Manufacturer: IVT Corporation
Name: Bluetooth Fax Modem
PNP Device ID: ROOT\MODEM\0000
Service: Modem

Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth DUN Modem
Device ID: ROOT\MODEM\0001
Manufacturer: IVT Corporation
Name: Bluetooth DUN Modem
PNP Device ID: ROOT\MODEM\0001
Service: Modem

Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth LAP Modem
Device ID: ROOT\MODEM\0002
Manufacturer: IVT Corporation
Name: Bluetooth LAP Modem
PNP Device ID: ROOT\MODEM\0002
Service: Modem


-- Scheduled Tasks -------------------------------------------------------------

2008-07-13 05:50:18 302 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2008-06-27 20:14:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2005-08-22 07:40:09 258 --a------ C:\WINDOWS\Tasks\Registration reminder 2.job


-- Files created between 2008-06-13 and 2008-07-13 -----------------------------

2008-07-11 11:18:08 0 d-------- C:\Program Files\Enigma Software Group
2008-07-11 10:23:47 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-07-11 02:06:13 0 d--hs---- C:\WINDOWS\CSC
2008-07-11 01:45:47 0 d-------- C:\RECYCLER(2)
2008-07-10 07:01:08 6553600 --a------ C:\Documents and Settings\Ian\ntuser.dat
2008-07-10 07:01:06 237568 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-07-10 06:15:35 68096 --a------ C:\WINDOWS\zip.exe
2008-07-10 06:15:35 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-10 06:15:35 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-10 06:15:35 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-10 06:15:35 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-10 06:15:35 98816 --a------ C:\WINDOWS\sed.exe
2008-07-10 06:15:35 80412 --a------ C:\WINDOWS\grep.exe
2008-07-10 06:15:35 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-10 03:27:20 0 d-------- C:\WINDOWS\system32\788877
2008-07-09 21:15:41 0 d-------- C:\WINDOWS\SQLTools9_KB948109_ENU
2008-07-09 21:11:31 0 d-------- C:\WINDOWS\SQL9_KB948109_ENU
2008-07-09 11:59:52 0 d-------- C:\Documents and Settings\Ian\Application Data\Malwarebytes
2008-07-09 11:59:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-09 11:58:52 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-09 10:24:57 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-09 10:24:54 0 d-------- C:\Documents and Settings\Ian\Application Data\SUPERAntiSpyware.com
2008-07-09 10:18:03 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-08 02:00:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-07-06 19:52:34 0 d-------- C:\WINDOWS\Prefetch
2008-07-06 19:52:33 0 d-------- C:\WINDOWS\Cookies
2008-07-06 19:52:33 0 d--hs---- C:\Documents and Settings\Test\Cookies
2008-07-06 19:52:33 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-07-06 19:52:33 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-07-06 19:52:33 0 d--hs---- C:\Documents and Settings\Ian\Cookies
2008-07-06 19:52:30 0 d-------- C:\Documents and Settings\Guest\Cookies
2008-07-06 19:52:30 0 d-------- C:\Documents and Settings\Default User\Cookies
2008-07-06 19:52:30 0 d-------- C:\Documents and Settings\All Users\Cookies
2008-07-06 19:52:30 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-06 19:52:11 0 d-------- C:\WINDOWS\Recent
2008-07-06 19:52:11 0 d-------- C:\Documents and Settings\NetworkService\Recent
2008-07-06 19:52:11 0 d-------- C:\Documents and Settings\LocalService\Recent
2008-07-06 19:52:09 0 d-------- C:\Documents and Settings\All Users\Recent
2008-07-05 00:56:59 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-07-04 07:31:32 0 dr------- C:\Documents and Settings\Test\My Documents <MYDOCU~1>
2008-07-04 07:31:32 0 d--h----- C:\Documents and Settings\Test\Local Settings <LOCALS~1>
2008-07-04 07:31:32 0 dr------- C:\Documents and Settings\Test\Favorites <FAVORI~1>
2008-07-04 07:31:32 0 d-------- C:\Documents and Settings\Test\Desktop
2008-07-04 07:31:32 0 dr-h----- C:\Documents and Settings\Test\Application Data <APPLIC~1>
2008-07-04 07:31:32 0 d-------- C:\Documents and Settings\Test\Application Data\Symantec
2008-07-04 07:31:32 0 d-------- C:\Documents and Settings\Test\Application Data\Sun
2008-07-04 07:31:32 0 d-------- C:\Documents and Settings\Test\Application Data\Sony Corporation
2008-07-04 07:31:32 0 d-------- C:\Documents and Settings\Test\Application Data\Mozilla
2008-07-04 07:31:32 0 d---s---- C:\Documents and Settings\Test\Application Data\Microsoft
2008-07-04 07:31:32 0 d-------- C:\Documents and Settings\Test\Application Data\Identities
2008-07-04 07:31:31 0 d--h----- C:\Documents and Settings\Test\Templates <TEMPLA~1>
2008-07-04 07:31:31 0 dr------- C:\Documents and Settings\Test\Start Menu <STARTM~1>
2008-07-04 07:31:31 0 dr-h----- C:\Documents and Settings\Test\SendTo
2008-07-04 07:31:31 0 dr-h----- C:\Documents and Settings\Test\Recent
2008-07-04 07:31:31 0 d--h----- C:\Documents and Settings\Test\PrintHood <PRINTH~1>
2008-07-04 07:31:31 1310720 --ah----- C:\Documents and Settings\Test\NTUSER.DAT
2008-07-04 07:31:31 0 d--h----- C:\Documents and Settings\Test\NetHood
2008-07-04 07:30:09 0 d-------- C:\Documents and Settings\Guest\Desktop
2008-07-04 07:30:09 0 dr-h----- C:\Documents and Settings\Guest\Application Data <APPLIC~1>
2008-07-04 07:30:09 0 d-------- C:\Documents and Settings\Guest\Application Data\Symantec
2008-07-04 07:30:09 0 d-------- C:\Documents and Settings\Guest\Application Data\Sun
2008-07-04 07:30:09 0 d-------- C:\Documents and Settings\Guest\Application Data\Sony Corporation
2008-07-04 07:30:09 0 d-------- C:\Documents and Settings\Guest\Application Data\Mozilla
2008-07-04 07:30:09 0 d---s---- C:\Documents and Settings\Guest\Application Data\Microsoft
2008-07-04 07:30:09 0 d-------- C:\Documents and Settings\Guest\Application Data\Identities
2008-07-04 07:30:08 0 d--h----- C:\Documents and Settings\Guest\Templates <TEMPLA~1>
2008-07-04 07:30:08 0 dr------- C:\Documents and Settings\Guest\Start Menu <STARTM~1>
2008-07-04 07:30:08 0 dr-h----- C:\Documents and Settings\Guest\SendTo
2008-07-04 07:30:08 0 dr-h----- C:\Documents and Settings\Guest\Recent
2008-07-04 07:30:08 0 d--h----- C:\Documents and Settings\Guest\PrintHood <PRINTH~1>
2008-07-04 07:30:08 0 d--h----- C:\Documents and Settings\Guest\NetHood
2008-07-04 07:30:08 0 dr------- C:\Documents and Settings\Guest\My Documents <MYDOCU~1>
2008-07-04 07:30:08 0 d--h----- C:\Documents and Settings\Guest\Local Settings <LOCALS~1>
2008-07-04 07:30:08 0 dr------- C:\Documents and Settings\Guest\Favorites <FAVORI~1>
2008-07-04 07:30:07 1048576 --ah----- C:\Documents and Settings\Guest\NTUSER.DAT
2008-06-30 04:30:28 0 d-------- C:\WINDOWS\system32\NtmsData
2008-06-30 01:46:33 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-30 01:15:55 528 --a------ C:\reset.cmd
2008-06-29 10:38:52 0 d-------- C:\Documents and Settings\Ian\Application Data\HouseCall 6.6
2008-06-29 10:38:46 0 d-------- C:\WINDOWS\system32\HouseCall 6.6


-- Find3M Report ---------------------------------------------------------------

2008-07-13 05:13:29 0 d-------- C:\Program Files\Microsoft SQL Server
2008-07-10 03:45:55 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-07-09 10:18:03 0 d-------- C:\Program Files\Common Files
2008-05-27 12:01:28 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-27 11:58:43 0 d-------- C:\Documents and Settings\Ian\Application Data\AdobeUM
2008-05-13 22:09:31 0 d-------- C:\Documents and Settings\Ian\Application Data\HandicapMaster7
2008-05-13 22:09:14 0 d-------- C:\Program Files\HandicapMaster7


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [11/07/2003 09:21 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/26/2004 12:00 AM]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [06/30/2004 12:45 AM]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [06/29/2004 05:49 PM]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [08/03/2004 07:56 PM]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [01/17/2004 06:36 AM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 08:00 AM C:\WINDOWS\system32\bthprops.cpl]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [04/20/2003 01:08 AM]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [06/30/2003 09:56 PM]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [06/30/2003 10:00 PM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [09/29/2003 04:00 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [02/16/2005 04:15 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [02/16/2005 04:15 PM]
"CnxDslTaskBar"="C:\Program Files\Conexant\ADSL\AccessRunner ADSL\CnxDslTb.exe" [04/27/2004 01:00 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 08:00 AM]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [08/04/2004 08:00 AM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/04/2004 08:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 08:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 08:00 AM]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [09/29/2006 10:02 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 07:58 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 10:36 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [03/06/2007 06:11 AM]
"AirCardEnabler"="C:\Program Files\Sierra Wireless\Network Adapter Manager\Network Adapter Manager.exe" [10/26/2006 09:37 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [02/03/2004 05:42 PM]
"E06AXLRD_6516159"="C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.exe" [06/03/2005 01:30 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"OE"="C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe" [09/26/2006 11:37 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Ian\Start Menu\Programs\Startup\
Check for TWS Updates.lnk - C:\Jts\WiseUpdt.exe [8/10/2006 3:21:05 AM]
Dragon NaturallySpeaking.lnk - C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe [12/11/2006 5:20:40 PM]
VirtualExpander.lnk - C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe [5/13/2008 9:20:46 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]
Belkin Wireless Networking Utility.lnk - C:\Program Files\Belkin\F5D8011v2\Belkinwcui.exe [6/1/2007 9:31:40 AM]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [10/12/2005 11:00:30 PM]
eFax DllCmd 4.0.lnk - C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe [12/19/2005 11:22:07 AM]
eFax Tray Menu 4.0.lnk - C:\Program Files\eFax Messenger 4.0\J2GTray.exe [12/19/2005 11:22:08 AM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [11/4/2005 4:04:48 PM]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2/13/2004 3:12:08 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da713c10-a451-11da-8435-0011502a3b0a}]
AutoRun\command- D:\setupSNK.exe

*Newly Created Service* - DCFS2K



-- End of Deckard's System Scanner: finished at 2008-07-13 08:29:08 ------------
  • 0

#7
slipperx

slipperx

    Member

  • Topic Starter
  • Member
  • 21 posts
And here is extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 2.00GHz
Percentage of Memory in Use: 21%
Physical Memory (total/avail): 1022.98 MiB / 798.92 MiB
Pagefile Memory (total/avail): 2463.71 MiB / 2383.14 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.22 MiB

C: is Fixed (NTFS) - 50.87 GiB total, 9.42 GiB free.
E: is CDROM (No Media)
F: is Removable (FAT)

\\.\PHYSICALDRIVE0 - IC25N060ATMR04-0 - 55.89 GiB - 2 partitions
\PARTITION0 - Unknown - 5.01 GiB
\PARTITION1 (bootable) - Installable File System - 50.87 GiB - C:

\\.\PHYSICALDRIVE1 - Sony Storage Media USB Device - 1913.99 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 1919.98 MiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
FirewallOverride is set.

FW: Trend Micro PC-cillin Internet Security (Firewall) v15 (Trend Micro, Inc.)
AV: Trend Micro PC-cillin Internet Security 2007 v15.00.1420 (Trend Micro, Inc.) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"="C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE:*:Enabled:ActiveSync Connection Manager"
"C:\\CyberTrader\\CyberTraderPro.exe"="C:\\CyberTrader\\CyberTraderPro.exe:*:Enabled:CyberTrader Pro"
"C:\\Program Files\\eSignal\\winros.exe"="C:\\Program Files\\eSignal\\winros.exe:*:Enabled:eSignal Data Manager"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Tee2Green\\SureAnalysis\\SureAnalysis.exe"="C:\\Program Files\\Tee2Green\\SureAnalysis\\SureAnalysis.exe:*:Enabled:SureAnalysis for Golf"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ian\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=IANS_VAIO
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ian
LOGONSERVER=\\IANS_VAIO
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Intel\Wireless\Bin;C:\Program Files\Common Files\Autodesk Shared;C:\Program Files\QuickTime\QTSystem;c:\Program Files\Microsoft SQL Server\90\Tools\binn;c:\Program Files\Microsoft SQL Server\90\Tools\binn\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SAFEBOOT_OPTION=MINIMAL
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Ian\LOCALS~1\Temp
TMP=C:\DOCUME~1\Ian\LOCALS~1\Temp
USERDOMAIN=IANS_VAIO
USERNAME=Ian
USERPROFILE=C:\Documents and Settings\Ian
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Ian (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> Dummy
--> MsiExec.exe /I{95D9B4D8-B091-4fab-80EA-313EB4B82FD6}
--> MsiExec.exe /I{EB997E90-5EB0-4eb5-90D0-90B1D2F0CA03}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AccessRunner USB ADSL WAN Adapter --> C:\Program Files\Conexant\DSL Wizard\Setup.exe -u
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adaptick ICE 2.6 for MetaStock --> MsiExec.exe /X{28DB7348-9589-4000-9319-67E1D2937CF5}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audible Download Manager --> C:\Program Files\Audible\Bin\AudibleDM_iTunesSetup[1].exe /Uninstall
AutoCAD LT 2004 --> MsiExec.exe /I{5783F2D7-0209-0409-0000-0060B0CE6BBA}
Autodesk Express Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
Belkin N1 Wireless Notebook Card Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A3F5181-D451-461B-B749-A5C2F91E1261}\setup.exe" -l0x9 -removeonly
BlueSoleil --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\setup.exe" -l0x9
CardRd81 --> MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
ClearContext Information Management System --> MsiExec.exe /X{BA59D55E-AC4A-458F-9DB0-A892B8B4A201}
CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
CSI Unfair Advantage 2.9.4 --> MsiExec.exe /I{77210D70-5547-43E3-9A12-8D58AE0F2020}
CyberTrader Pro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02790682-D8D0-4A7D-8773-3782AB260E0E}\setup.exe" -l0x9
Download Accelerator Plus (DAP) --> C:\PROGRA~1\DAP\DAPREMOVE.EXE
Dragon NaturallySpeaking 9 --> MsiExec.exe /I{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}
eFax Messenger 4.0 --> C:\Program Files\eFax Messenger 4.0\Uninstall.exe
eSignal --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03EA3D6E-D92B-11D0-892B-00A0C91827B3}\setup.exe" -uninst
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSEMAIL --> MsiExec.exe /I{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
ESSTUTOR --> MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
essvcpt --> MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
Free Download Manager 2.1 --> "C:\Program Files\Free Download Manager\unins000.exe"
FXCM Trading Station II --> C:\PROGRA~1\CANDLE~1\FXTS2\uninstall.exe FXCM Trading Station II
Gamma Trading Identifier 1.0 --> "C:\Program Files\Gamma Trading Identifier\unins000.exe"
Garmin WebUpdater --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2FD94FBC-07AE-475C-B522-BFE899B9048E}\setup.exe" -l0x9
GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109) --> C:\WINDOWS\SQLTools9_KB948109_ENU\Hotfix.exe /Uninstall
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
HandicapMaster Version 7 --> "C:\Program Files\HandicapMaster7\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
HLPSFO --> MsiExec.exe /I{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}
HotKey Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB311F54-39D6-4A03-8E18-053D1B2833D7}\Setup.exe" -l0x9
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD 5 for VAIO --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140007_bfd37\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
LAN-Express AS IEEE 802.11 Wireless LAN --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}\Setup.exe" -l0x9
Logitech Print Service --> C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Logitech QuickCam --> MsiExec.exe /I{26AA53D5-1307-48F9-A80F-A4D25F5849D4}
Macromedia Dreamweaver MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
MapSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}\setup.exe" -l0x9 AddRemove
MapSource - City Select North America v6 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{5F8434AA-E977-4A28-8D39-35969565DF53} /l1033
Market Center Direct --> C:\WINDOWS\uninst.exe -f"C:\Program Files\RJOBrien\MCD\DeIsL1.isu" -c"C:\Program Files\RJOBrien\MCD\_ISREG32.DLL"
Marketmaker Spreadbet Client --> "C:\Program Files\Marketmaker\Spreadbet Client\UninstallerData\Uninstall Marketmaker Spreadbet Client.exe"
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
Memory Stick Formatter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\setup.exe" -l0x9 /UNINSTALL
MetaStock Professional 9.1 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Equis\Uninst.isu"
Microsoft ActiveSync 3.7 --> "C:\WINDOWS\ISUNINST.EXE" -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Encarta Premium 2006 DVD --> MsiExec.exe /I{06040081-3E21-46D6-9A91-D927BA08F41D}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) --> MsiExec.exe /I{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}
Microsoft SQL Server 2005 Express Edition (VPINSTANCE) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition --> MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSf22.inf, Uninstall
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
MobiSMS --> C:\Program Files\MobiSMS\mobisms.exe -u
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
Netscape (7.02) --> C:\WINDOWS\NSUninst.exe /ua "7.02 (en)"
Network Play System (Patching) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
Neverwinter Nights --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C503E58-B2BC-11D5-978A-0050BA84F5F7}\Setup.exe" -l0x9
NewsBin Pro V5 --> C:\Program Files\NewsBin\uninst.exe
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OpenMG AAC Add-on Module 1.0.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3} UNINSTALL
OpenMG Limited Patch 4.5-06-05-12-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.5-06-05-12-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.5.01 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{3633BA28-67CE-4AC8-A677-3406CA84C3D8} UNINSTALL
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
PPCUpdater --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B1E67014-5352-4C95-AE1C-4129694CBD02}\Setup.exe" -l0x9
Pristine eSignal Tools --> C:\WINDOWS\Pristine eSignal Tools Uninstaller.exe
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
Rhapsody Player Engine --> MsiExec.exe /I{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
Shark Tale --> MsiExec.exe /I{1B63D49E-6AF1-4783-9D77-615BE336704A}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
Sierra Wireless AirCard® 580 --> MsiExec.exe /X{9B0D202C-C0B4-4EEB-BE00-03D9F2279A35}
Sierra Wireless Network Adapter Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DEC2C44-BB50-11D4-9E04-0050DA701DC9}\setup.exe" UNINSTALL
Simple Sudoku 4.2 --> "C:\Program Files\Simple Sudoku\unins000.exe"
Singles2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4851D03-553C-4ACE-ADBD-CA6BE8451072}\setup.exe" -l0x9 -removeonly
SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoftV92 Data Fax Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_818C104D\HXFSETUP.EXE -U -IVEN_8086&DEV_24C6&SUBSYS_818C104D
SonicStage 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
Sony Certificate PCH --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Sony Download Taxi 1.5.0.0 --> "C:\Program Files\Sony\Download Taxi\unins000.exe"
Sony Notebook Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{936FADC9-C609-471A-B6F2-A33E2E660D1A}\setup.exe" -l0x9
Sony USB Mouse --> Pmuninst.exe MouseSuite98
Sony Utilities DLL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3D45BB-2260-4008-88EA-492E7744A9DF}\Setup.exe" -l0x9
Sony Video Shared Library --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6990A2BF-D1D2-11D3-81BC-00609789C908}\setup.exe"
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpyGlass --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\DeBry\Uninst.isu"
SureAnalysis 2.11 --> "C:\Program Files\Tee2Green\SureAnalysis\unins000.exe"
sureshotgps USB-UART --> C:\WINDOWS\system32\ssunin2k.exe C:\WINDOWS\system32\ssunin.u2k
The Rosetta Stone --> C:\WINDOWS\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log
The Sims --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Maxis\The Sims\Uninst.isu"
Trader Workstation --> C:\WINDOWS\system32\javaws.exe -uninstall "http://www.interacti...asses/tws.jnlp"
Trader Workstation 4.0 --> C:\Jts\UNWISE.EXE C:\Jts\INSTALL.LOG
Traders Edge --> rundll32.exe dfshim.dll,ShArpMaintain TradersEdge.application, Culture=neutral, PublicKeyToken=b3d19cedb7dea926, processorArchitecture=msil
TradeStation 8.2 (Build 3896) --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{2C29C471-1CE1-461C-96B3-46A8F6CDB792} TradeStation Uninstall
TradeStation 8.3 (Build 1630) --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{9AE94DEC-BE56-4F61-94EF-FCA89C5C6E88} TradeStation Uninstall
Trend Micro PC-cillin Internet Security 2007 --> msiexec.exe /i {BB4B6355-D38A-492C-873B-A1B2CF6C3832}
Trend Micro PC-cillin Internet Security 2007 --> MsiExec.exe /X{BB4B6355-D38A-492C-873B-A1B2CF6C3832}
VAIO Help and Support --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}
VAIO Registration --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{315BA29D-2644-4760-B5FD-5AC04A52B8C5}
VAIO SLIT-C Screen Saver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01AF4645-78E6-46C4-B528-54863679CC40}\setup.exe" -l0x9
VAIO SLIT Pattern Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{266AEE68-5718-4A31-BDD3-D356B1250C70}\setup.exe" -l0x9
VAIO Update 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48820099-ED7D-424B-890C-9A82EF00656C}\setup.exe" -l0x9
VAIO Wireless Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DF00135-D5A7-476A-BFB3-EDFF2840076A}\Setup.exe" -l0x9
VantagePoint Intermarket Analysis Software --> MsiExec.exe /I{E1CEACF6-6DC6-40CF-945D-B65606B9C95D}
VideoLAN VLC media player 0.8.5 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Volcone Analyzer Pro 1.4 --> "C:\Program Files\Volcone Analyzer Pro 1.4\unins000.exe"
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WebCam for MSN Messenger --> Rundll32.exe setupapi,InstallHinfSection DefaultUnInstall 128 C:\WINDOWS\INF\Athena.inf
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Wireless Switch Setting Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}\setup.exe" -l0x9


-- Application Event Log -------------------------------------------------------

Event Record #/Type22089 / Error
Event Submitted/Written: 07/13/2008 04:43:51 AM
Event ID/Source: 17204 / MSSQL$SQLEXPRESS
Event Description:
FCB::Open failed: Could not open file c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\DATA\mastlog.ldf for file number 2. OS error: 5(Access is denied.).

Event Record #/Type22088 / Error
Event Submitted/Written: 07/13/2008 04:43:51 AM
Event ID/Source: 17207 / MSSQL$SQLEXPRESS
Event Description:
FCB::Open: Operating system error 5(Access is denied.) occurred while creating or opening file 'c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\DATA\mastlog.ldf'. Diagnose and correct the operating system error, and retry the operation.

Event Record #/Type22087 / Error
Event Submitted/Written: 07/13/2008 04:43:51 AM
Event ID/Source: 17204 / MSSQL$VPINSTANCE
Event Description:
FCB::Open failed: Could not open file c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\mastlog.ldf for file number 2. OS error: 5(Access is denied.).

Event Record #/Type22086 / Error
Event Submitted/Written: 07/13/2008 04:43:51 AM
Event ID/Source: 17207 / MSSQL$VPINSTANCE
Event Description:
FCB::Open: Operating system error 5(Access is denied.) occurred while creating or opening file 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\mastlog.ldf'. Diagnose and correct the operating system error, and retry the operation.

Event Record #/Type22085 / Error
Event Submitted/Written: 07/13/2008 04:43:50 AM
Event ID/Source: 17204 / MSSQL$SQLEXPRESS
Event Description:
FCB::Open failed: Could not open file c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\DATA\master.mdf for file number 1. OS error: 5(Access is denied.).



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type30555 / Error
Event Submitted/Written: 07/13/2008 08:26:22 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
DMICall
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip
tmtdi

Event Record #/Type30554 / Error
Event Submitted/Written: 07/13/2008 08:26:22 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Trend Micro Proxy Service service depends on the Trend Micro TDI Driver service which failed to start because of the following error:
%%31

Event Record #/Type30553 / Error
Event Submitted/Written: 07/13/2008 08:26:22 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Event Record #/Type30552 / Error
Event Submitted/Written: 07/13/2008 08:26:22 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
%%31

Event Record #/Type30551 / Error
Event Submitted/Written: 07/13/2008 08:26:22 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2008-07-13 08:29:08 ------------
  • 0

#8
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please go to Start > Run, then copy/paste this in: "%userprofile%\desktop\dss.exe" /daft and hit OK.
Place a check next to everything and click on Fix.
Then scan again and it should say all associations OK.
======================================================
Copy everything inside the quote box below (starting with dir) and paste it into notepad. Go up to "File > Save As" and click the drop-down box to change the "Save As Type" to "All Files". Save it as findfile.bat on your Desktop.

dir C:\WINDOWS\system32\788877 /a > files.txt
rem /a with no attribute letters lists every entry, hidden and system files included
notepad files.txt


Locate findfile.bat on your Desktop and double-click on it. It will open Notepad with some text in it. Please post the contents of that Notepad here.
  • 0
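A diagnostic batch file, added here as an example and not part of kahdah's instructions: it lists the same hidden folder with dir /a and also dumps the shell "open" handlers for .exe, .bat, .cmd and .com, since a changed handler is one common reason those file types stop launching (the thread's symptom); the report file name is an assumption.

```batch
@echo off
rem Added example (not from the thread). Lists the folder the helper asked
rem about and records the file-type "open" handlers so a tampered one can be
rem spotted. Folder path is from the thread; the report name is an assumption.
setlocal
set "REPORT=%USERPROFILE%\Desktop\assoc_check.txt"

echo === Entries in C:\WINDOWS\system32\788877 (hidden/system included) === > "%REPORT%"
rem /a with no attribute letters lists every entry, hidden and system included
dir C:\WINDOWS\system32\788877 /a >> "%REPORT%" 2>&1

echo. >> "%REPORT%"
echo === Shell "open" handlers; the default value on XP is "%%1" %%* === >> "%REPORT%"
for %%K in (exefile batfile cmdfile comfile) do (
    echo --- %%K --- >> "%REPORT%"
    rem /ve reads the (Default) value, which holds the command line used to run the file
    reg query "HKCR\%%K\shell\open\command" /ve >> "%REPORT%" 2>&1
)

echo. >> "%REPORT%"
echo === Per-user overrides; normally absent, so "unable to find" is the clean result === >> "%REPORT%"
reg query "HKCU\Software\Classes\.exe" >> "%REPORT%" 2>&1
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe" >> "%REPORT%" 2>&1

notepad "%REPORT%"
endlocal
```

Anything other than "%1" %* in the four handler lines, or an unexpected per-user .exe key, is what a Dial-a-fix style association reset puts back.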

#9
slipperx

    Member

  • Topic Starter
  • Member
  • 21 posts
Did as suggested but am having to use safe mode. The reset routine went exactly as you described and reported all fixed. The notepad.txt log just says as below.

The computer is still refusing to run any .exe .bat .cmd etc. files when you boot into normal mode so the problems are as before. Here is the text log:

volume in drive C has no label.
volume serial number is 28BB-9710

Directory of c:\windows\system32 788877

07/10/2008 03:27 AM <DIR> .
07/10/2008 03:27 AM <DIR> ..
0 File(s) 0 bytes

Directory of C:\Documents and Settings\Ian\Desktop


I did notice that the file fdsv.exe in the log above is reported as malware on the web - should I remove it?

Thanks again for your help

Edited by slipperx, 14 July 2008 - 04:36 AM.

  • 0

#10
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
No, it's not malware; it is part of ComboFix or SmitfraudFix or other tools that we use here.

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser: Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser: Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
==============================================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0


#11
slipperx

    Member

  • Topic Starter
  • Member
  • 21 posts
Hi
I tried that. The Cleaner worked fine and removed some files (I thought I'd already done that once, but anyway on the second run through it said no files found, so it must be clean). The Kaspersky scan I tried to do before but was not able to get it to run, because the problem on the computer will not allow you to open Explorer so I can't get on the internet. In safe mode I can get on the internet but the scanner requires Java version 1.5 (which I thought I had but maybe not) and I cannot do the install of that in safe mode as it gives me an error saying the Administrator has set policies restricting the installation - which I guess is just to do with safe mode and not to do with the permissions restrictions which the virus is imposing.

Not sure how to get around those problems

Regards
Ian
  • 0

#12
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Post that log in your next reply.

(Note if you cannot open the log it produces then right click on it and choose rename.
Rename it to .txt and you will be able to open it)

  • 0

#13
slipperx

    Member

  • Topic Starter
  • Member
  • 21 posts
Hi
OK, here is the log that came from DrWeb - hope it helps. This is proving to be a rather nasty, difficult-to-remove infection. Thanks.

ComboFix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\Ian\Desktop\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\Ian\Desktop;Archive contains infected objects;Moved.;
A0096383.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information\_restore{208734FE-E9F5-4A9E-941E-DE507A5BE0D0}\RP581\A0096383.exe;Program.PsExec.171;;
A0096383.exe;C:\System Volume Information\_restore{208734FE-E9F5-4A9E-941E-DE507A5BE0D0}\RP581;Archive contains infected objects;Moved.;
A0106201.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information\_restore{208734FE-E9F5-4A9E-941E-DE507A5BE0D0}\RP588\A0106201.exe;Program.PsExec.171;;
A0106201.exe;C:\System Volume Information\_restore{208734FE-E9F5-4A9E-941E-DE507A5BE0D0}\RP588;Archive contains infected objects;Moved.;
ComboFix.exe\327882R2FWJFW\psexec.cfexe;F:\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;F:\;Archive contains infected objects;Moved.;

Booted back into normal mode but all problems remain and behaviour is as before. Drive F is a removable USB drive.
Best Regards

Edited by slipperx, 14 July 2008 - 11:45 PM.

  • 0
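The Dr.Web CureIt report above is a semicolon-separated list in which each flagged archive gets two kinds of line: one per member object that triggered a detection (with the archive's full path in the location field) and one for the archive itself ("Archive contains infected objects") carrying the action taken. The script below is an added example for this thread, not code from Dr.Web or from either poster; it parses those lines, regroups members under their container and applies a coarse triage. The field layout (object;location;detection;action;) is inferred from the posted lines and is an assumption, as is the triage rule that treats Dr.Web's "Program." prefix as its riskware (potentially unwanted program) class rather than malware and restore-point paths as System Restore snapshots rather than live code.

```python
"""Parse a Dr.Web CureIt report (DrWeb.csv) and group detections by container.

Added example for this thread, not something Dr.Web or the poster supplied.
The sample below is the report posted above, copied verbatim. The field
layout (object;location;detection;action;) is inferred from those lines.
"""
from collections import OrderedDict

# Constructed sample: the eight report lines posted in the thread.
SAMPLE_REPORT = r"""
ComboFix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\Ian\Desktop\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\Ian\Desktop;Archive contains infected objects;Moved.;
A0096383.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information\_restore{208734FE-E9F5-4A9E-941E-DE507A5BE0D0}\RP581\A0096383.exe;Program.PsExec.171;;
A0096383.exe;C:\System Volume Information\_restore{208734FE-E9F5-4A9E-941E-DE507A5BE0D0}\RP581;Archive contains infected objects;Moved.;
A0106201.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information\_restore{208734FE-E9F5-4A9E-941E-DE507A5BE0D0}\RP588\A0106201.exe;Program.PsExec.171;;
A0106201.exe;C:\System Volume Information\_restore{208734FE-E9F5-4A9E-941E-DE507A5BE0D0}\RP588;Archive contains infected objects;Moved.;
ComboFix.exe\327882R2FWJFW\psexec.cfexe;F:\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;F:\;Archive contains infected objects;Moved.;
"""

CONTAINER_VERDICT = "Archive contains infected objects"
RESTORE_DIR = "\\system volume information\\_restore"


def parse_report(text):
    """Split each non-empty line into (object, location, detection, action)."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = (line.split(";") + ["", "", "", ""])[:4]
        rows.append(tuple(f.strip() for f in fields))
    return rows


def full_path(location, name):
    """Join a Dr.Web location and object name with exactly one backslash."""
    return location.rstrip("\\") + "\\" + name


def group_by_container(rows):
    """Map each flagged archive to its action and the members Dr.Web named."""
    containers = OrderedDict()
    for obj, location, detection, action in rows:
        if detection == CONTAINER_VERDICT:
            entry = containers.setdefault(full_path(location, obj), {"action": "", "members": []})
            entry["action"] = action
        else:
            # Member lines carry the container's full path in the location field.
            entry = containers.setdefault(location, {"action": "", "members": []})
            entry["members"].append((obj, detection))
    return containers


def classify(path, members):
    """Coarse triage (assumed rule): restore-point copies are System Restore
    snapshots, and a 'Program.' verdict is Dr.Web's riskware class, not malware."""
    if RESTORE_DIR in path.lower():
        return "restore-point copy"
    if members and all(d.startswith("Program.") for _, d in members):
        return "potentially unwanted program"
    return "needs review"


def triage(text):
    """Return {container path: (category, action, [(member, detection), ...])}."""
    result = OrderedDict()
    for path, entry in group_by_container(parse_report(text)).items():
        result[path] = (classify(path, entry["members"]), entry["action"], entry["members"])
    return result


if __name__ == "__main__":
    for path, (category, action, members) in triage(SAMPLE_REPORT).items():
        print(f"{path}\n  {category}; action={action or 'none'}")
        for name, detection in members:
            print(f"    {name}: {detection}")
```

Run on the posted report, every container resolves to the same member (psexec.cfexe inside a ComboFix copy) and the two restore-point hits are snapshots of that same tool, which is why nothing here points at the startup-time permission problem the thread is about.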

#14
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
I don't really see any actual malware in your log just some leftovers.

*Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

Then please go to Start >Control Panel >Add\Remove programs
remove these below:
Viewpoint

Close Control Panel.

Then I will need you to show hidden Files \Folders.
To do this:
*Click Start.
*Open My Computer.
*Select the Tools menu and click Folder Options.
*Select the View Tab.
*Under the Hidden files and folders heading select Show hidden files and folders.
*Uncheck the Hide protected operating system files (recommended) option.
*Click Yes to confirm.
*Click OK

After that using Windows Explorer (to get there right-click your Start button and go to "Explore")
Delete these folders listed below:

C:\WINDOWS\system32\788877
C:\Program Files\Viewpoint

Now close Windows Explorer.

Now reset your Hidden files\folders to hidden.
To do this:
To reset:*Click Start.
*Open My Computer.
*Select the Tools menu and click Folder Options.
*Select the View Tab.
*Under the Hidden files and folders heading select Do not Show hidden files and folders.
*Check the Hide protected operating system files (recommended) option.
*Click Yes to confirm.
*Click OK
=============================
Reboot and post a new dss log.
  • 0

#15
slipperx

slipperx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi
Well I did as you suggested and the log is posted below. The thing is that I am 99% certain that the problems are to do with a virus or malware or some other evil thing lurking in the computer and that it came along with the Zlob virus, because as soon as I got the virus I cleaned it and on the next reboot these issues started to appear. Now if I log in in safe mode then my profile loads fine and I can do pretty much anything, run any program, get on the internet and so on. As soon as I boot normally any program clicked results in the "You do not have access ....maybe you do not have permissions.." error warning popping up and the load operation fails. Now if the profile loads fine in safe mode then something must be being loaded in normal mode. It appears that either the registry is altered during startup allowing the permissions to be blocked and then whatever process it is removes itself so you cannot see it in the safe mode scans. As I said before, I could sometimes get one or two programs to run if I immediately clicked on the icons while the startup process was going on, but even this small benefit has now disappeared. I am not a super technical computer wizard or anything but I am sure it is an issue resulting from the infection but I do not know what else to try.
I had to run dss.exe in safe mode again as normal mode just refused me access yet allows access in safe mode using the same profile. One other strange thing is that the Trend Micro control panel and facilities are all available in normal boot - that is not something that gets screwed up - maybe because it is loaded during the startup process. I also noticed that when I did manage to get a couple of the scans and stuff done earlier when I jumped in really quick (which I don't seem to be able to do anymore) that program could be run with no problems but other programs would be locked out a very short time after - so it seems to me that some process is getting started up during logon that blocks access to programs, but sometimes you could get in before that process had completed and then you could use the program.

Deckard's System Scanner v20071014.68
Run by Ian on 2008-07-16 06:30:44
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------



-- HijackThis (run as Ian.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:30:54 AM, on 7/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Ian\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ian.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.phuket-estate.com/mail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\IAN\Application Data\Mozilla\Profiles\default\jgn7x4ly.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Conexant\ADSL\AccessRunner ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [AirCardEnabler] "C:\Program Files\Sierra Wireless\Network Adapter Manager\Network Adapter Manager.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [E06AXLRD_6516159] "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: eFax DllCmd 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GTray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {56E4B9EB-4C79-4568-A19E-72794FA70060} (PatsShellOCX Control) - http://mtradeprouk.m...les6_1/pats.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132953381388
O16 - DPF: {7CEEAB76-D59E-11D3-8394-00C04F7BDF10} (Application Class) - https://www.tradesta...ugIn/tsTemp.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SwiWiFiComm - Unknown owner - C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

--
End of file - 11548 bytes

-- Files created between 2008-06-16 and 2008-07-16 -----------------------------

2008-07-14 12:35:00 0 d-------- C:\Documents and Settings\Ian\DoctorWeb
2008-07-11 11:18:08 0 d-------- C:\Program Files\Enigma Software Group
2008-07-11 10:23:47 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-07-11 02:06:13 0 d--hs---- C:\WINDOWS\CSC
2008-07-11 01:45:47 0 d-------- C:\RECYCLER(2)
2008-07-10 07:01:08 6553600 --a------ C:\Documents and Settings\Ian\ntuser.dat
2008-07-10 07:01:06 237568 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-07-10 06:15:35 68096 --a------ C:\WINDOWS\zip.exe
2008-07-10 06:15:35 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-10 06:15:35 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-10 06:15:35 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-10 06:15:35 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-10 06:15:35 98816 --a------ C:\WINDOWS\sed.exe
2008-07-10 06:15:35 80412 --a------ C:\WINDOWS\grep.exe
2008-07-10 06:15:35 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-09 21:15:41 0 d-------- C:\WINDOWS\SQLTools9_KB948109_ENU
2008-07-09 21:11:31 0 d-------- C:\WINDOWS\SQL9_KB948109_ENU
2008-07-09 11:59:52 0 d-------- C:\Documents and Settings\Ian\Application Data\Malwarebytes
2008-07-09 11:59:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-09 11:58:52 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-09 10:24:57 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-09 10:24:54 0 d-------- C:\Documents and Settings\Ian\Application Data\SUPERAntiSpyware.com
2008-07-09 10:18:03 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-08 02:00:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-07-06 19:52:34 0 d-------- C:\WINDOWS\Prefetch
2008-07-06 19:52:33 0 d-------- C:\WINDOWS\Cookies
2008-07-06 19:52:33 0 d--hs---- C:\Documents and Settings\Test\Cookies
2008-07-06 19:52:33 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-07-06 19:52:33 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-07-06 19:52:33 0 d--hs---- C:\Documents and Settings\Ian\Cookies
2008-07-06 19:52:30 0 d-------- C:\Documents and Settings\Guest\Cookies
2008-07-06 19:52:30 0 d-------- C:\Documents and Settings\Default User\Cookies
2008-07-06 19:52:30 0 d-------- C:\Documents and Settings\All Users\Cookies
2008-07-06 19:52:30 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-06 19:52:11 0 d-------- C:\WINDOWS\Recent
2008-07-06 19:52:11 0 d-------- C:\Documents and Settings\NetworkService\Recent
2008-07-06 19:52:11 0 d-------- C:\Documents and Settings\LocalService\Recent
2008-07-06 19:52:09 0 d-------- C:\Documents and Settings\All Users\Recent
2008-07-05 00:56:59 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-07-04 07:31:32 0 dr------- C:\Documents and Settings\Test\My Documents
2008-07-04 07:31:32 0 d--h----- C:\Documents and Settings\Test\Local Settings
2008-07-04 07:31:32 0 dr------- C:\Documents and Settings\Test\Favorites
2008-07-04 07:31:32 0 d-------- C:\Documents and Settings\Test\Desktop
2008-07-04 07:31:32 0 dr-h----- C:\Documents and Settings\Test\Application Data
2008-07-04 07:31:32 0 d-------- C:\Documents and Settings\Test\Application Data\Symantec
2008-07-04 07:31:32 0 d-------- C:\Documents and Settings\Test\Application Data\Sun
2008-07-04 07:31:32 0 d-------- C:\Documents and Settings\Test\Application Data\Sony Corporation
2008-07-04 07:31:32 0 d-------- C:\Documents and Settings\Test\Application Data\Mozilla
2008-07-04 07:31:32 0 d---s---- C:\Documents and Settings\Test\Application Data\Microsoft
2008-07-04 07:31:32 0 d-------- C:\Documents and Settings\Test\Application Data\Identities
2008-07-04 07:31:31 0 d--h----- C:\Documents and Settings\Test\Templates
2008-07-04 07:31:31 0 dr------- C:\Documents and Settings\Test\Start Menu
2008-07-04 07:31:31 0 dr-h----- C:\Documents and Settings\Test\SendTo
2008-07-04 07:31:31 0 dr-h----- C:\Documents and Settings\Test\Recent
2008-07-04 07:31:31 0 d--h----- C:\Documents and Settings\Test\PrintHood
2008-07-04 07:31:31 1310720 --ah----- C:\Documents and Settings\Test\NTUSER.DAT
2008-07-04 07:31:31 0 d--h----- C:\Documents and Settings\Test\NetHood
2008-07-04 07:30:09 0 d-------- C:\Documents and Settings\Guest\Desktop
2008-07-04 07:30:09 0 dr-h----- C:\Documents and Settings\Guest\Application Data
2008-07-04 07:30:09 0 d-------- C:\Documents and Settings\Guest\Application Data\Symantec
2008-07-04 07:30:09 0 d-------- C:\Documents and Settings\Guest\Application Data\Sun
2008-07-04 07:30:09 0 d-------- C:\Documents and Settings\Guest\Application Data\Sony Corporation
2008-07-04 07:30:09 0 d-------- C:\Documents and Settings\Guest\Application Data\Mozilla
2008-07-04 07:30:09 0 d---s---- C:\Documents and Settings\Guest\Application Data\Microsoft
2008-07-04 07:30:09 0 d-------- C:\Documents and Settings\Guest\Application Data\Identities
2008-07-04 07:30:08 0 d--h----- C:\Documents and Settings\Guest\Templates
2008-07-04 07:30:08 0 dr------- C:\Documents and Settings\Guest\Start Menu
2008-07-04 07:30:08 0 dr-h----- C:\Documents and Settings\Guest\SendTo
2008-07-04 07:30:08 0 dr-h----- C:\Documents and Settings\Guest\Recent
2008-07-04 07:30:08 0 d--h----- C:\Documents and Settings\Guest\PrintHood
2008-07-04 07:30:08 0 d--h----- C:\Documents and Settings\Guest\NetHood
2008-07-04 07:30:08 0 dr------- C:\Documents and Settings\Guest\My Documents
2008-07-04 07:30:08 0 d--h----- C:\Documents and Settings\Guest\Local Settings
2008-07-04 07:30:08 0 dr------- C:\Documents and Settings\Guest\Favorites
2008-07-04 07:30:07 1048576 --ah----- C:\Documents and Settings\Guest\NTUSER.DAT
2008-06-30 04:30:28 0 d-------- C:\WINDOWS\system32\NtmsData
2008-06-30 01:46:33 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-30 01:15:55 528 --a------ C:\reset.cmd
2008-06-29 10:38:52 0 d-------- C:\Documents and Settings\Ian\Application Data\HouseCall 6.6
2008-06-29 10:38:46 0 d-------- C:\WINDOWS\system32\HouseCall 6.6


-- Find3M Report ---------------------------------------------------------------

2008-07-16 06:26:33 0 d-------- C:\Program Files\Microsoft SQL Server
2008-07-10 03:45:55 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-07-09 10:18:03 0 d-------- C:\Program Files\Common Files
2008-05-27 12:01:28 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-27 11:58:43 0 d-------- C:\Documents and Settings\Ian\Application Data\AdobeUM


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [11/07/2003 09:21 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/26/2004 12:00 AM]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [06/30/2004 12:45 AM]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [06/29/2004 05:49 PM]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [08/03/2004 07:56 PM]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [01/17/2004 06:36 AM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 08:00 AM C:\WINDOWS\system32\bthprops.cpl]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [04/20/2003 01:08 AM]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [06/30/2003 09:56 PM]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [06/30/2003 10:00 PM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [09/29/2003 04:00 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [02/16/2005 04:15 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [02/16/2005 04:15 PM]
"CnxDslTaskBar"="C:\Program Files\Conexant\ADSL\AccessRunner ADSL\CnxDslTb.exe" [04/27/2004 01:00 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 08:00 AM]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [08/04/2004 08:00 AM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/04/2004 08:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 08:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 08:00 AM]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [09/29/2006 10:02 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 07:58 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 10:36 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [03/06/2007 06:11 AM]
"AirCardEnabler"="C:\Program Files\Sierra Wireless\Network Adapter Manager\Network Adapter Manager.exe" [10/26/2006 09:37 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [02/03/2004 05:42 PM]
"E06AXLRD_6516159"="C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.exe" [06/03/2005 01:30 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"OE"="C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe" [09/26/2006 11:37 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Ian\Start Menu\Programs\Startup\
Check for TWS Updates.lnk - C:\Jts\WiseUpdt.exe [8/10/2006 3:21:05 AM]
Dragon NaturallySpeaking.lnk - C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe [12/11/2006 5:20:40 PM]
VirtualExpander.lnk - C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe [5/13/2008 9:20:46 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]
Belkin Wireless Networking Utility.lnk - C:\Program Files\Belkin\F5D8011v2\Belkinwcui.exe [6/1/2007 9:31:40 AM]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [10/12/2005 11:00:30 PM]
eFax DllCmd 4.0.lnk - C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe [12/19/2005 11:22:07 AM]
eFax Tray Menu 4.0.lnk - C:\Program Files\eFax Messenger 4.0\J2GTray.exe [12/19/2005 11:22:08 AM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [11/4/2005 4:04:48 PM]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2/13/2004 3:12:08 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da713c10-a451-11da-8435-0011502a3b0a}]
AutoRun\command- D:\setupSNK.exe

*Newly Created Service* - DCFS2K



-- End of Deckard's System Scanner: finished at 2008-07-16 06:31:32 ------------

Edited by slipperx, 16 July 2008 - 05:24 AM.

  • 0
