Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

VIRUS WITH RED BIOHAZARD WALL PAPER [CLOSED]


  • This topic is locked This topic is locked

#1
thisbeautyisageek

thisbeautyisageek

    New Member

  • Member
  • Pip
  • 1 posts
Basically, i got that virus that changes ur wallpaper to that red wallpaper with the biohazard sign and reads "your privacy is in danger...download..." and gives u like a shitload of pop ups. i saw one of the previous threads on it and followed all the directions but im still having minor problems...the major things like the wallpaper and te pop ups are gone but im still having minor problems. for example my start menu doesnt have the shortcut for "run" or "control panel"..it only as "set program access and defaults"..so how do i get to my control panel...and it wont let me do certain things...it says my administrator wont allow it...althought i am the administrator...and one more minor problem is ont the taskbar the time/date side is still effed up...for example right now it says 20:54: VIRUS ALERT!...well heres what i did and here ar the reports


first i used the SDFix



SDFix: Version 1.209
Run by Administrator on Mon 07/28/2008 at 19:52

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
lanmandrv

Path :
\??\C:\WINDOWS\System32\lanmandrv.sys

lanmandrv - Deleted



Restoring Default Security Values
Restoring Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\vtUmKebx.dll - Deleted
C:\Documents and Settings\Daddy\Desktop\Error Cleaner.url - Deleted
C:\Documents and Settings\Daddy\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\Mommy\Desktop\Error Cleaner.url - Deleted
C:\Documents and Settings\Mommy\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\Nikia\Desktop\Error Cleaner.url - Deleted
C:\Documents and Settings\Nikia\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\Pereese\Desktop\Error Cleaner.url - Deleted
C:\Documents and Settings\Pereese\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\PJ\Desktop\Error Cleaner.url - Deleted
C:\Documents and Settings\PJ\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\Daddy\Desktop\Privacy Protector.url - Deleted
C:\Documents and Settings\Daddy\Favorites\Privacy Protector.url - Deleted
C:\Documents and Settings\Mommy\Desktop\Privacy Protector.url - Deleted
C:\Documents and Settings\Mommy\Favorites\Privacy Protector.url - Deleted
C:\Documents and Settings\Nikia\Desktop\Privacy Protector.url - Deleted
C:\Documents and Settings\Nikia\Favorites\Privacy Protector.url - Deleted
C:\Documents and Settings\Pereese\Desktop\Privacy Protector.url - Deleted
C:\Documents and Settings\Pereese\Favorites\Privacy Protector.url - Deleted
C:\Documents and Settings\PJ\Desktop\Privacy Protector.url - Deleted
C:\Documents and Settings\PJ\Favorites\Privacy Protector.url - Deleted
C:\Documents and Settings\Daddy\Desktop\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\Daddy\Favorites\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\Mommy\Desktop\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\Mommy\Favorites\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\Nikia\Desktop\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\Nikia\Favorites\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\Pereese\Desktop\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\Pereese\Favorites\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\PJ\Desktop\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\PJ\Favorites\Spyware&Malware Protection.url - Deleted
C:\Program Files\PCHealthCenter\0.exe - Deleted
C:\Program Files\PCHealthCenter\0.gif - Deleted
C:\Program Files\PCHealthCenter\1.exe - Deleted
C:\Program Files\PCHealthCenter\1.gif - Deleted
C:\Program Files\PCHealthCenter\2.exe - Deleted
C:\Program Files\PCHealthCenter\2.gif - Deleted
C:\Program Files\PCHealthCenter\3.gif - Deleted
C:\Program Files\PCHealthCenter\4.exe - Deleted
C:\Program Files\PCHealthCenter\5.exe - Deleted
C:\Program Files\PCHealthCenter\sc.html - Deleted
C:\Program Files\PCHealthCenter\sex1.ico - Deleted
C:\Program Files\PCHealthCenter\sex2.ico - Deleted
C:\Program Files\VAV\vav.cpl - Deleted
C:\Program Files\VAV\vav.exe - Deleted
C:\Program Files\VAV\vav0.dat - Deleted
C:\Program Files\VAV\vav1.dat - Deleted
C:\WINDOWS\system32\sex1.ico - Deleted
C:\WINDOWS\system32\sex2.ico - Deleted
C:\smp.bat - Deleted
C:\WINDOWS\grswptdl.exe - Deleted
C:\WINDOWS\system32\lanmanwrk.exe - Deleted
C:\WINDOWS\system32\qmopt.dll - Deleted
C:\WINDOWS\system32\vav.cpl - Deleted
C:\WINDOWS\system32\lanmandrv.sys - Deleted


Could Not Remove C:\WINDOWS\system32\WinCtrl32.dll

Folder C:\Program Files\PCHealthCenter - Removed
Folder C:\Program Files\VAV - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-28 20:12:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\WINDOWS\system32\lanmanwrk.exe [5124] 0x817EAAF0

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\system32\lanmandrv.sys 8064 bytes executable
C:\WINDOWS\system32\lanmanwrk.exe 34304 bytes executable

scan completed successfully
hidden processes: 1
hidden services: 0
hidden files: 2


Remaining Services :

lanmandrv



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:M5Shell"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

C:\WINDOWS\system32\WinCtrl32.dll Found

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 28 Jul 2008 20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"
Mon 28 Jul 2008 265 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"
Sun 20 Apr 2008 4,719,632 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\003bb8bbe9f41a593f54050bf67fed75\BIT1B1.tmp"
Sun 20 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1ed1b59d1a09d907b309130a93a4867a\BIT1B3.tmp"
Sun 20 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\200656e0652add58e280cffc567cd95a\BIT1B8.tmp"
Sun 20 Apr 2008 10,089,488 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5b34e1df94075cd8ea6839a668366d9e\BIT1B5.tmp"
Sun 20 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\60f98441524da959e4cfd96533bfcea5\BIT1B2.tmp"
Sun 20 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6efcd3506d8bb09b521fd2ab4ee258bc\BIT1AB.tmp"
Sun 20 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9526baba4c0a42975f8fabcda9ca8dc3\BIT1B7.tmp"
Sun 20 Apr 2008 17,222,672 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b0bbf9bad2a96231d750c48395570f92\BIT1A8.tmp"
Sun 20 Apr 2008 1,229,688 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc7043d60e692448b548f03d568309ab\BIT1B6.tmp"
Sun 20 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c212d67be1f86f86c36e82bc3c8d87df\BIT1AC.tmp"

Finished!



Then i ran the SmitFraudFix


SmitFraudFix v2.331

Scan done at 20:21:00.20, Mon 07/28/2008
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A7CD594E-8F0D-44AA-A84D-257A2AE0ADF9}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A7CD594E-8F0D-44AA-A84D-257A2AE0ADF9}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A7CD594E-8F0D-44AA-A84D-257A2AE0ADF9}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


And then i did the DSS scanner. Here's the extra.txt report

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.40GHz
Percentage of Memory in Use: 64%
Physical Memory (total/avail): 509.98 MiB / 178.96 MiB
Pagefile Memory (total/avail): 1248.65 MiB / 878.15 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1914.87 MiB

C: is Fixed (NTFS) - 149 GiB total, 133.36 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6Y160P0 - 149.01 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
AUState says computer is ready and waiting.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

Unable to create WMI object.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME-C5643BEF89
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\HOME-C5643BEF89
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=HOME-C5643BEF89
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Pereese (admin)
PJ (admin)
Daddy (admin)
Mommy (admin)
Nikia (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Avatar Bobble Battles --> C:\PROGRA~1\NICKAR~1\AVATAR~1\UNWISE.EXE C:\PROGRA~1\NICKAR~1\AVATAR~1\INSTALL.LOG
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom Driver Installer --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
CA Yahoo! Anti-Spy (remove only) --> "C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Disney Pirates of the Caribbean Online --> C:\Program Files\Disney\Disney Online\PiratesOnline\uninst.exe
Google Earth --> MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GoToAssist 8.0.0.480 --> C:\Program Files\Citrix\GoToAssist\480\G2AUninstaller.exe /uninstall
HP Customer Participation Program 9.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet Printer Driver Software 9.0 --> C:\Program Files\HP\Digital Imaging\{03E66394-42F0-4745-85F7-0A2F8F35C09F}\setup\hpzscr01.exe -datfile hphscr15.dat -showdisconnect -forcereboot
HP Imaging Device Functions 9.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.01 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing --> MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}
HPSSupply --> MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
IMVU Avatar Chat Software --> C:\Program Files\IMVU\Uninstall.exe
Inside the ACT 2003 Deluxe --> C:\Program Files\The Learning Company\Inside the ACT 2003 Deluxe\uninstall.exe
Inside the SAT 2003 Deluxe --> C:\Program Files\The Learning Company\Inside the SAT 2003 Deluxe\uninstall.exe
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 Trial --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Morpheus 5.3 (remove only) --> "C:\Program Files\Morpheus\UninstMorpheus.exe"
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
OTOY --> RunDll32 C:\WINDOWS\DOWNLO~1\OTOYAX.dll,[email protected]
PhotoFiltre --> "C:\Program Files\PhotoFiltre\Uninst.exe"
PowerDVD 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
Super Granny® 4 --> C:\PROGRA~1\NICKAR~1\SUPERG~1\UNWISE.EXE C:\PROGRA~1\NICKAR~1\SUPERG~1\INSTALL.LOG
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Virtools 3D Life Player --> C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
Virtual DJ - Atomix Productions --> C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{F1E17FB0-12BC-45D0-ABA3-287F2A1E3A1E}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! ¤u¨ã¦C --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE


-- Application Event Log -------------------------------------------------------

Event Record #/Type9318 / Warning
Event Submitted/Written: 07/28/2008 08:28:21 PM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.

Event Record #/Type9317 / Warning
Event Submitted/Written: 07/28/2008 08:28:21 PM
Event ID/Source: 1003 / EvntAgnt
Event Description:
TraceFileName parameter not located in registry;
Default trace file used is .

Event Record #/Type9316 / Error
Event Submitted/Written: 07/28/2008 08:28:20 PM
Event ID/Source: 1802 / SecurityCenter
Event Description:
The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Event Record #/Type9309 / Error
Event Submitted/Written: 07/28/2008 08:12:17 PM
Event ID/Source: 4127 / Ci
Event Description:
Content index on c:\system volume information\catalog.wci could not be initialized. Error 3221225620.

Event Record #/Type9308 / Error
Event Submitted/Written: 07/28/2008 08:12:17 PM
Event ID/Source: 4127 / Ci
Event Description:
Content index on c:\system volume information\catalog.wci could not be initialized. Error 3221225620.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type591 / Error
Event Submitted/Written: 07/28/2008 08:29:29 PM
Event ID/Source: 7003 / Service Control Manager
Event Description:
The Fast User Switching Compatibility service depends on the following nonexistent service: TermService

Event Record #/Type574 / Error
Event Submitted/Written: 07/28/2008 08:27:03 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type573 / Error
Event Submitted/Written: 07/28/2008 08:25:53 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type572 / Error
Event Submitted/Written: 07/28/2008 08:21:49 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service McNASvc with arguments ""
in order to run the server:
{24F616A1-B755-4053-8018-C3425DC8B68A}

Event Record #/Type571 / Error
Event Submitted/Written: 07/28/2008 08:21:39 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service McNASvc with arguments ""
in order to run the server:
{24F616A1-B755-4053-8018-C3425DC8B68A}



-- End of Deckard's System Scanner: finished at 2008-07-28 20:35:03 ------------

And here's the main.txt report
Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-28 20:31:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
24: 2008-07-29 00:31:59 UTC - RP66 - Deckard's System Scanner Restore Point
23: 2008-07-27 16:42:27 UTC - RP65 - Last known good configuration
22: 2008-07-27 16:41:43 UTC - RP64 - System Checkpoint
21: 2008-07-27 16:41:43 UTC - RP63 - System Checkpoint
20: 2008-07-27 16:41:43 UTC - RP62 - System Checkpoint


-- First Restore Point --
1: 2008-07-27 16:41:21 UTC - RP43 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-28 20:33:11
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\snmp.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Documents and Settings\Owner\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {0dd44d4c-0216-350a-d974-6c1df4b50250} - {05205b4f-d1c6-479d-a053-6120c4d44dd0} - C:\WINDOWS\system32\dilnry.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {8F5E1D68-8DF5-4772-A59B-4EBC82097844} - C:\WINDOWS\system32\nnnnNDUk.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [f48bac4b] rundll32.exe "C:\WINDOWS\system32\lmtviyvw.dll",b
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [lanmanwrk.exe clean] C:\WINDOWS\System32\lanmanwrk.exe clean
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Sys1.exe] C:\Windows\Sys1.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZKman000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\PJ\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1204332793265
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go...y/OTOYAX29b.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_05) - http://sdlc-esd.sun....ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer....l/installer.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.9.0.1407.1107.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.9.0.1407.1107.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\system32\WinCtrl32.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\msksrver.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


--
End of file - 12284 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Winhn62 - c:\windows\system32\drivers\winhn62.sys
R1 lanmandrv - c:\windows\system32\lanmandrv.sys
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S3 bvrp_pci - c:\windows\system32\drivers\bvrp_pci.sys
S3 catchme - c:\docume~1\owner\locals~1\temp\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-28 00:55:55 340 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-07-28 00:55:53 332 --a------ C:\WINDOWS\Tasks\McQcTask.job
2008-07-10 19:03:13 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-28 and 2008-07-28 -----------------------------

2008-07-28 20:15:46 724 --a------ C:\WINDOWS\system32\qmopt.dll
2008-07-28 20:04:40 16384 --a------ C:\WINDOWS\system32\WinCtrl32.dll
2008-07-28 19:44:58 0 d-------- C:\WINDOWS\ERUNT
2008-07-28 19:13:19 34304 --a------ C:\WINDOWS\system32\drivers\562lsf.exe
2008-07-28 16:50:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-07-28 16:49:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-07-28 14:07:32 34304 --a------ C:\WINDOWS\system32\drivers\921lsf.exe
2008-07-28 14:01:03 31744 --a------ C:\WINDOWS\Sys3.exe
2008-07-28 12:52:17 34304 --a------ C:\WINDOWS\system32\drivers\484lsf.exe
2008-07-28 12:46:07 0 d-------- C:\Documents and Settings\Nikia\Application Data\SiteAdvisor
2008-07-28 06:35:27 34304 --a------ C:\WINDOWS\system32\drivers\546lsf.exe
2008-07-28 06:29:59 31744 --a------ C:\WINDOWS\SysC.exe
2008-07-28 06:29:59 0 --a------ C:\WINDOWS\SysB.exe
2008-07-28 06:29:57 0 --a------ C:\WINDOWS\Sys9.exe
2008-07-28 06:29:56 0 d-------- C:\Documents and Settings\PJ\Application Data\SiteAdvisor
2008-07-28 02:15:47 2624 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-28 02:14:57 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-28 02:14:57 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-28 02:14:57 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-28 02:14:57 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-28 02:14:57 53248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-28 02:14:57 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-28 02:14:57 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-28 02:14:57 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-28 02:11:42 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-28 02:11:42 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-28 02:11:42 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-28 02:11:42 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-07-28 02:11:42 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-28 02:11:42 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-28 02:11:42 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-28 02:11:42 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-07-28 02:11:42 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-28 02:11:42 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-07-28 02:11:42 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-28 02:11:42 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-28 02:11:42 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-28 02:11:42 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-28 01:05:31 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-07-28 01:05:15 0 d-------- C:\Program Files\SiteAdvisor
2008-07-28 01:05:14 0 d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2008-07-28 01:05:14 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-07-28 01:02:17 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-07-28 00:54:48 0 d-------- C:\Program Files\McAfee.com
2008-07-28 00:53:22 0 d-------- C:\Program Files\Common Files\McAfee
2008-07-28 00:53:12 0 d-------- C:\Program Files\McAfee
2008-07-28 00:42:43 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-28 00:16:29 34304 --a------ C:\WINDOWS\system32\drivers\406lsf.exe
2008-07-28 00:14:18 0 d-------- C:\Documents and Settings\Owner\Application Data\TmpRecentIcons
2008-07-27 23:53:11 34304 --a------ C:\WINDOWS\system32\drivers\875lsf.exe
2008-07-27 23:50:33 0 d-------- C:\Documents and Settings\Daddy\Application Data\TmpRecentIcons
2008-07-27 22:37:36 34304 --a------ C:\WINDOWS\system32\drivers\671lsf.exe
2008-07-27 21:40:14 34304 --a------ C:\WINDOWS\system32\drivers\0lsf.exe
2008-07-27 21:38:35 95360 --a------ C:\WINDOWS\system32\lmtviyvw.dll
2008-07-27 21:35:59 116352 --a------ C:\WINDOWS\system32\dilnry.dll
2008-07-27 21:35:57 116352 --a------ C:\WINDOWS\system32\kdopregm.dll
2008-07-27 21:35:53 0 d-------- C:\Documents and Settings\Mommy\Application Data\TmpRecentIcons
2008-07-27 20:27:23 34304 --a------ C:\WINDOWS\system32\drivers\765lsf.exe
2008-07-27 17:50:50 34304 --a------ C:\WINDOWS\system32\drivers\93lsf.exe
2008-07-27 17:46:34 0 d-------- C:\Documents and Settings\Nikia\Application Data\TmpRecentIcons
2008-07-27 14:02:46 34304 --a------ C:\WINDOWS\system32\drivers\375lsf.exe
2008-07-27 12:44:12 116352 --a------ C:\WINDOWS\system32\qvkgwr.dll
2008-07-27 12:44:11 116352 --a------ C:\WINDOWS\system32\xwwbudbp.dll
2008-07-27 12:41:30 0 --a------ C:\WINDOWS\Sys1D6.exe
2008-07-27 12:41:28 31744 --a------ C:\WINDOWS\Sys1D5.exe
2008-07-27 12:41:27 0 --a------ C:\WINDOWS\Sys1D4.exe
2008-07-27 12:41:11 16662 --ahs---- C:\WINDOWS\system32\kUDNnnnn.ini2
2008-07-27 12:41:05 323584 --a------ C:\WINDOWS\system32\nnnnNDUk.dll
2008-07-27 12:41:00 34304 --a------ C:\WINDOWS\system32\drivers\234lsf.exe
2008-07-27 12:29:03 0 d-------- C:\Documents and Settings\PJ\Application Data\TmpRecentIcons
2008-07-27 11:23:35 0 --a------ C:\WINDOWS\Sys3BE.exe
2008-07-27 11:23:34 33664 --a------ C:\WINDOWS\system32\cbXRIxYo.dll
2008-07-27 11:23:33 33664 --a------ C:\WINDOWS\system32\awturQHW.dll
2008-07-27 11:23:33 31744 --a------ C:\WINDOWS\Sys3BC.exe
2008-07-27 11:23:31 0 --a------ C:\WINDOWS\Sys3BB.exe
2008-07-27 11:22:26 33664 --a------ C:\WINDOWS\system32\tuvUNGxY.dll
2008-07-27 11:22:25 33664 --a------ C:\WINDOWS\system32\jkkIXqop.dll
2008-07-27 11:22:04 33664 --a------ C:\WINDOWS\system32\ddcCUkji.dll
2008-07-27 11:21:56 0 d-------- C:\Documents and Settings\Pereese\Application Data\TmpRecentIcons
2008-07-27 11:21:42 139264 --a------ C:\WINDOWS\eovp.exe
2008-07-27 11:21:05 0 d-------- C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL
2008-07-26 21:58:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-06 21:06:25 0 d-------- C:\Documents and Settings\Pereese\Application Data\InstallShield
2008-06-29 08:47:05 0 d-------- C:\Program Files\Disney


-- Find3M Report ---------------------------------------------------------------

2008-07-28 01:30:09 0 d-------- C:\Program Files\Windows Live Safety Center
2008-07-28 00:53:22 0 d-------- C:\Program Files\Common Files
2008-07-28 00:37:20 0 d-------- C:\Program Files\There
2008-07-27 10:49:10 0 d-------- C:\Program Files\IMVU
2008-07-27 07:39:28 0 d-------- C:\Program Files\Google
2008-07-17 10:55:17 0 d-------- C:\Program Files\Morpheus
2008-07-06 21:09:14 0 d-------- C:\Program Files\Analog Devices
2008-06-22 15:51:02 137607 --a------ C:\WINDOWS\HPHins15.dat
2008-06-19 01:19:51 0 d-------- C:\Program Files\Microsoft Works
2008-06-18 12:15:10 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-02 09:56:48 0 d-------- C:\Program Files\ImvuTools2
2008-06-01 18:28:17 0 d-------- C:\Program Files\Virtools


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05205b4f-d1c6-479d-a053-6120c4d44dd0}]
07/27/2008 21:35: VIRUS ALERT! 116352 --a------ C:\WINDOWS\system32\dilnry.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
03/02/2007 16:52: VIRUS ALERT! 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
11/26/
  • 0

Advertisements


#2
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, my name is fenzodahl512 and welcome to Geekstogo...


Please don't alter your log in any ways.. That means no fancy fonts, size, colors, code/quote box.. Just post the log as it is.. It will make easier for my eyes...


Please do the following....


Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.




NEXT


Please visit below webpage for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.




Regards
fenzodahl512
  • 0

#3
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP