
Brave Sentry infected - HJT log attached [RESOLVED]


#16
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts

I tried that also. It is still looping...


When you press F8, do you get to the option menu?

Do you have your XP CD?
  • 0


#17
goassen

    Member

  • Topic Starter
  • Member
  • 17 posts
Yes, I get the option menu when I click F8.
Unfortunately I do not have my XP cd here. I will have it in 2 weeks...
  • 0

#18
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
OK, good to know, that helps.

So to clarify: choosing normal mode and the various safe modes sends you into a loop?

We will need the XP CD.
  • 0

#19
goassen

    Member

  • Topic Starter
  • Member
  • 17 posts
Yes, choosing normal mode, safe mode, safe mode with networking and last good configuration, sends me into a loop.
I'll try to get the cd asap.

One other question. The day my computer got infected, I took a back-up copy of some files (mostly pictures, music and word/excel documents) onto my external hard drive. If I plug this into a new computer with "AVG anti-virus free edition", do you think this computer will be infected? Do you think that the infections have spread into files like those mentioned above? Is it possible to access the files in a safe way?
  • 0

#20
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Only if you click on an infected file. Scan them before opening any of them.
  • 0

#21
goassen

    Member

  • Topic Starter
  • Member
  • 17 posts
Hi,
Now I have the XP cd. What should I do?
  • 0

#22
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Do an XP repair:
http://www.geekstogo...ws-XP-t138.html
  • 0

#23
goassen

    Member

  • Topic Starter
  • Member
  • 17 posts
Thanks! Now I've done the XP repair.
When starting the computer now, I get a warning saying: "Spywareguard browser protection alert!" "Warning! Your IE homepage has been changed!" I push restore old value. Everything else looks normal. I get some warnings about expired Webroot spysweeper.
Should I do a HJT scan or something?
  • 0

#24
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Let's see a DSS log, please.


Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt. Please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#25
goassen

    Member

  • Topic Starter
  • Member
  • 17 posts
MAIN.TXT:

Deckard's System Scanner v20070826.66
Run by Administrator on 2007-08-29 01:42:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2007-08-28 23:43:05 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2007-08-28 19:22:23 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-08-29 01:46:22
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\ServiceWrapper-7681197.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\backWeb-7681197.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\F-Secure\Common\FSM32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
D:\Programmer\Itunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\F-Secure\Common\FSMA32.exe
C:\Program Files\F-Secure\Common\FSMB32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\F-Secure\Common\fch32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\F-Secure\Common\FNRB32.exe
C:\Program Files\F-Secure\Common\FAMEH32.exe
C:\Program Files\F-Secure\Common\FIH32.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Webroot\Spy Sweeper\ssu.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QNGFZ8TK\dss[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [CARPService] carpserv.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [Cpqset] "C:\Program Files\HPQ\Default Settings\cpqset.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [TV Now] "C:\Program Files\HPQ\Notebook Utilities\TvNow.exe" /RK
O4 - HKEY_LOCAL_MACHINE\..\Run: [Display Settings] "C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" /s
O4 - HKEY_LOCAL_MACHINE\..\Run: [QT4HPOT] "C:\Program Files\HPQ\One-Touch\OneTouch.EXE"
O4 - HKEY_LOCAL_MACHINE\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKEY_LOCAL_MACHINE\..\Run: [iTunesHelper] "D:\Programmer\Itunes\iTunesHelper.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VPN Client.lnk = C:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0812.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0812.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O21 - SSODL: RSeQBs - {2CCFACCC-8665-0666-CD3D-57585FFDD938} - C:\WINDOWS\System32\aae.dll (file missing)
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\ServiceWrapper-7681197.exe
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - "C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe"
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - "C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe"
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - "C:\Program Files\F-Secure\Common\FNRB32.EXE"
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - "C:\Program Files\F-Secure\Common\FSAA.EXE"
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - "C:\Program Files\F-Secure\Common\FSMA32.EXE"
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe



-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 LUMDriver - c:\windows\system32\drivers\lumdriver.sys <Not Verified; IBM; LUM application>
R2 F-Secure Filter (F-Secure File System Filter) - c:\program files\f-secure\anti-virus\win2k\fsfilter.sys
R2 F-Secure Gatekeeper - c:\program files\f-secure\anti-virus\win2k\fsgk.sys
R2 F-Secure Recognizer (F-Secure File System Recognizer) - c:\program files\f-secure\anti-virus\win2k\fsrec.sys
R2 FSpm (F-Secure Policy Manager) - c:\program files\f-secure\common\fspm.sys <Not Verified; F-Secure Corporation; F-Secure Management Agent>

S2 windev-5127-2f8a - c:\windows\system32\windev-5127-2f8a.sys (file missing)
S3 catchme - c:\docume~1\admini~1\locals~1\temp\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BackWeb Client - 7681197 (F-Secure BackWeb) - c:\progra~1\f-secure\backweb\7681197\program\servic~1.exe
R2 F-Secure Gatekeeper Handler Starter - "c:\program files\f-secure\anti-virus\fsgk32st.exe" <Not Verified; F-Secure Corp.; F-Secure Corp. Startup service>
R2 FSMA (F-Secure Management Agent) - "c:\program files\f-secure\common\fsma32.exe" <Not Verified; F-Secure Corporation; F-Secure Management Agent>
R2 HPConfig (HP Configuration Interface Service) - c:\windows\system32\hpconfig.exe <Not Verified; Hewlett-Packard; HPConfig Module>
R2 HPWirelessMgr - c:\program files\hpq\notebook utilities\hpwirelessmgr.exe <Not Verified; Hewlett-Packard Co.; HPWirelessMgr Module>
R3 F-Secure Network Request Broker - "c:\program files\f-secure\common\fnrb32.exe" <Not Verified; F-Secure Corporation; F-Secure Management Agent>

S2 FSAA (F-Secure Authentication Agent) - "c:\program files\f-secure\common\fsaa.exe" <Not Verified; F-Secure Corporation. All Rights Reserved.; F-Secure Authentication Agent>
S3 F-Secure BackWeb LAN Access - "c:\program files\f-secure\backweb\7681197\program\fsbwlan.exe"


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET00
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET00
Service: CVirtA


-- Files created between 2007-07-29 and 2007-08-29 -----------------------------

2007-08-29 01:46:08 218112 --a------ C:\Program Files\Administrator.exe <Not Verified; Soeperman Enterprises Ltd.; HijackThis>
2007-08-29 01:35:47 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-08-29 01:34:13 0 d-------- C:\WINDOWS\LastGood
2007-08-28 21:15:51 0 d-------- C:\WINDOWS\Prefetch
2007-08-14 19:39:33 32768 --a------ C:\WINDOWS\system32\aae_dll.vir
2007-08-14 17:32:55 17408 --a------ C:\WINDOWS\system32\svchost_exe.vir <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-14 16:18:26 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-08-13 01:35:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\Google
2007-08-13 01:22:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-08-13 01:22:27 0 d-------- C:\Program Files\Google
2007-08-13 01:19:23 0 d-------- C:\Documents and Settings\Administrator\.housecall6.6
2007-08-13 01:05:04 0 d-------- C:\Program Files\SpywareGuard
2007-08-13 00:52:59 0 d-------- C:\Program Files\SpywareBlaster
2007-08-11 02:21:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-08-11 02:21:17 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-10 22:49:34 0 d-------- C:\HostsXpert
2007-08-08 19:00:53 3686 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-01 12:23:32 218112 --a------ C:\Program Files\HijackThis.exe <Not Verified; Soeperman Enterprises Ltd.; HijackThis>


-- Find3M Report ---------------------------------------------------------------

2007-08-28 20:58:30 23348 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-08-28 20:57:51 0 d-------- C:\Program Files\Messenger
2007-08-14 19:24:55 0 d-------- C:\Program Files\QuickTime
2007-08-14 19:23:24 0 d-------- C:\Program Files\MSN Messenger
2007-08-13 01:21:11 0 d-------- C:\Program Files\Java
2007-07-07 15:43:57 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-07 15:43:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2007-07-05 18:03:26 0 d-------- C:\Program Files\Webroot
2007-07-05 18:03:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2007-07-05 17:57:18 164 --a------ C:\install.dat
2007-07-05 01:25:51 10 --a------ C:\WINDOWS\system32\kr_done1
2007-07-04 01:09:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2007-06-04 19:44:53 177152 --a------ C:\Program Files\utorrent.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CARPService"="carpserv.exe" [15.04.2003 04:00 C:\WINDOWS\system32\carpserv.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [23.05.2003 00:10]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [23.05.2003 01:06]
"ATIModeChange"="Ati2mdxx.exe" [16.08.2002 02:18 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [14.08.2002 18:29]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [17.07.2003 14:50]
"TV Now"="C:\Program Files\HPQ\Notebook Utilities\TvNow.exe" [30.01.2003 11:34]
"Display Settings"="C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" [15.08.2002 07:26]
"QT4HPOT"="C:\Program Files\HPQ\One-Touch\OneTouch.EXE" [03.10.2003 21:07]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [19.09.2005 10:30]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12.07.2007 04:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [16.02.2007 10:54]
"iTunesHelper"="D:\Programmer\Itunes\iTunesHelper.exe" [14.03.2007 19:05]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [21.06.2007 18:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 00:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [29.07.2006 20:33]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04.08.2004 02:06]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30.03.2006 16:45]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [13.08.2007 10:03]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [29.08.2003 19:05:35]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23.09.2005 22:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13.02.2001 11:01:04]
VPN Client.lnk - C:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [24.11.2006 16:40:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"RSeQBs"= {2CCFACCC-8665-0666-CD3D-57585FFDD938} - C:\WINDOWS\System32\aae.dll [ ]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc

*Newly Created Service* - BITS
*Newly Created Service* - HTTPFILTER



-- End of Deckard's System Scanner: finished at 2007-08-29 01:58:15 ------------




EXTRA.TXT:
Deckard's System Scanner v20070826.66
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.80GHz
Percentage of Memory in Use: 46%
Physical Memory (total/avail): 702.98 MiB / 374.62 MiB
Pagefile Memory (total/avail): 1721 MiB / 1384.59 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1962.82 MiB

C: is Fixed (NTFS) - 7.96 GiB total, 2.86 GiB free.
D: is Fixed (NTFS) - 29.29 GiB total, 14.3 GiB free.
E: is CDROM (Unformatted)

\\.\PHYSICALDRIVE0 - ST94011A - 37.26 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 7.96 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 29.29 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Spy Sweeper with AntiVirus v5.5.1.3356 (Webroot Software Inc)
AV: F-Secure Anti-Virus 5.44 v5.44 (F-Secure Corporation)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PCEN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\PCEN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=PCEN
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\BWUnin-6.1.4.58-7681197L.exe -AppId 7681197
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Download Manager 2.0 (kun avinstallering) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
Cisco Systems VPN Client 4.8.01.0300 --> MsiExec.exe /X{D25122BC-A60E-4663-B602-B01718F12044}
Clue 7.0 --> MsiExec.exe /I{EE16232D-EC26-43D0-B6AF-DFCDEDDE72CF}
Conexant 56K ACLink Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_0850103C\HXFSETUP.EXE -U -Ihpm08505.inf
Conexant AC-Link Audio --> CIAunwdm.exe
CutePDF Writer 2.7 --> C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
Desktop Zoom --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0604F35-314C-4341-A05E-3FEABCFDD470}\SETUP.EXE" -l0x9
EPSON TWAIN 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\Setup.exe" UNINSTALL
Ett-trykks-knapper --> C:\WINDOWS\UnInst32.exe QT4HPOT.UNI
Express Dictate --> C:\Program Files\NCH Swift Sound\Express\uninst.exe
Express Scribe --> C:\Program Files\NCH Swift Sound\Scribe\uninst.exe
F-Secure Anti-Virus --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
F-Secure BackWeb --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure BackWeb"
F-Secure Management Agent --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 1.99.1 --> C:\Program Files\HijackThis.exe /uninstall
HP Wireless LAN Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{572F7D67-11E0-4978-9227-9C1C47581601}\SETUP.EXE" -l0x14 UNINSTALL
HP WLAN 54g W450 Network Adapter --> C:\WINDOWS\system32\BCMWLU00.exe verbose
HyperRESEARCH --> D:\PROGRA~1\HYPERR~1\UNWISE.EXE D:\PROGRA~1\HYPERR~1\INSTALL.LOG
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LimeWire 4.12.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Microsoft Office XP Professional med FrontPage --> MsiExec.exe /I{90280414-6000-11D3-8CFE-0050048383C9}
Mozilla Firefox (2.0.0.6) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Notebook Utilities --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8F2DCDE-AE4E-4AC9-BECD-496FB80FBF6A}\SETUP.EXE" -l0x14 UNINSTALL
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
Skype 3.0 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Sony Digital Voice Editor --> D:\PROGRA~1\DIGITA~1\UNWISE.EXE D:\PROGRA~1\DIGITA~1\INSTALL.LOG
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
VideoLAN VLC media player 0.8.1 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Messenger --> MsiExec.exe /I{8CEA4A05-F512-45F5-8F80-5F2FA9E7F187}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type5892 / Error
Event Submitted/Written: 08/28/2007 09:18:33 PM
Event ID/Source: 103 / F-Secure Management Agent
Event Description:
707 2007-08-13 18:47:10+02:00 pcen PCEN\Administrator F-Secure Management Agent
F-Secure Management Agent failed to get a value (1.3.6.1.4.1.2213.11.1.14.13 error=-2080374772) from the policy. If you see this message frequently, contact the system administrator or reinstall F-Secure products.

Event Record #/Type5891 / Error
Event Submitted/Written: 08/28/2007 09:18:33 PM
Event ID/Source: 103 / F-Secure Management Agent
Event Description:
706 2007-08-13 18:46:58+02:00 pcen PCEN\Administrator F-Secure Management Agent
F-Secure Management Agent failed to get a value (1.3.6.1.4.1.2213.11.1.14.13 error=-2080374772) from the policy. If you see this message frequently, contact the system administrator or reinstall F-Secure products.

Event Record #/Type5890 / Error
Event Submitted/Written: 08/28/2007 09:18:33 PM
Event ID/Source: 103 / F-Secure Management Agent
Event Description:
705 2007-08-13 18:46:46+02:00 pcen PCEN\Administrator F-Secure Management Agent
F-Secure Management Agent failed to get a value (1.3.6.1.4.1.2213.11.1.14.13 error=-2080374772) from the policy. If you see this message frequently, contact the system administrator or reinstall F-Secure products.

Event Record #/Type5889 / Error
Event Submitted/Written: 08/28/2007 09:18:33 PM
Event ID/Source: 103 / F-Secure Management Agent
Event Description:
704 2007-08-13 18:46:34+02:00 pcen PCEN\Administrator F-Secure Management Agent
F-Secure Management Agent failed to get a value (1.3.6.1.4.1.2213.11.1.14.13 error=-2080374772) from the policy. If you see this message frequently, contact the system administrator or reinstall F-Secure products.

Event Record #/Type5888 / Error
Event Submitted/Written: 08/28/2007 09:18:33 PM
Event ID/Source: 103 / F-Secure Management Agent
Event Description:
703 2007-08-13 18:46:22+02:00 pcen PCEN\Administrator F-Secure Management Agent
F-Secure Management Agent failed to get a value (1.3.6.1.4.1.2213.11.1.14.13 error=-2080374772) from the policy. If you see this message frequently, contact the system administrator or reinstall F-Secure products.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type15499 / Error
Event Submitted/Written: 08/29/2007 01:26:59 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.2.3 for the Network Card with network address 000F20C91770 has been
denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type15477 / Error
Event Submitted/Written: 08/29/2007 00:47:47 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
sptd

Event Record #/Type15476 / Error
Event Submitted/Written: 08/29/2007 00:47:47 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The windev-5127-2f8a service failed to start due to the following error:
%%2

Event Record #/Type15474 / Error
Event Submitted/Written: 08/29/2007 00:45:30 AM / 08/29/2007 00:46:00 AM
Event ID/Source: 4 / sptd
Event Description:
Driver detected an internal error in its data structures for .

Event Record #/Type15450 / Error
Event Submitted/Written: 08/28/2007 09:31:13 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
sptd



-- End of Deckard's System Scanner: finished at 2007-08-29 01:58:15 ------------

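The System Event Log section above is easy to skim past, but the two Service Control Manager entries are the part worth pulling out: a boot-start driver (sptd, the pass-through driver that Daemon Tools and Alcohol install) that fails to load on every boot, and a service whose start fails with %%2. The SCM writes the Win32 error code into those messages as a %%N placeholder, and 2 is ERROR_FILE_NOT_FOUND: the service is still registered under HKLM\SYSTEM\CurrentControlSet\Services, but the binary its ImagePath points to is gone. The script below is an added example, not part of the thread or of Deckard's System Scanner; it parses the record layout DSS prints, using the records copied from the log above as input, and summarises the SCM failures with the error codes decoded. The small error-code table and the record parser are the example's own.

```python
"""Summarise Service Control Manager failures from the System Event Log
section of a Deckard's System Scanner (DSS) report.

Added example, not part of the thread or of DSS. SAMPLE_LOG is copied
from the System Event Log section posted above; the record layout the
parser expects is the one DSS prints there.
"""
import re
from typing import Dict, List, NamedTuple, Tuple

SAMPLE_LOG = """\
-- System Event Log ------------------------------------------------------------

Event Record #/Type15499 / Error
Event Submitted/Written: 08/29/2007 01:26:59 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.2.3 for the Network Card with network address 000F20C91770 has been
denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type15477 / Error
Event Submitted/Written: 08/29/2007 00:47:47 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
sptd

Event Record #/Type15476 / Error
Event Submitted/Written: 08/29/2007 00:47:47 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The windev-5127-2f8a service failed to start due to the following error:
%%2

Event Record #/Type15474 / Error
Event Submitted/Written: 08/29/2007 00:45:30 AM / 08/29/2007 00:46:00 AM
Event ID/Source: 4 / sptd
Event Description:
Driver detected an internal error in its data structures for .

Event Record #/Type15450 / Error
Event Submitted/Written: 08/28/2007 09:31:13 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
sptd
"""

RECORD_RE = re.compile(r"^Event Record #/Type(\d+) / (\w+)$")
WRITTEN_RE = re.compile(r"^Event Submitted/Written: (.+)$")
IDSRC_RE = re.compile(r"^Event ID/Source: (\d+) / (.+)$")

# SCM messages carry the Win32 error as a %%N placeholder; decode the common ones.
WIN32_ERRORS: Dict[int, str] = {
    2: "ERROR_FILE_NOT_FOUND",  # registered ImagePath no longer exists on disk
    3: "ERROR_PATH_NOT_FOUND",
    5: "ERROR_ACCESS_DENIED",
    1053: "ERROR_SERVICE_REQUEST_TIMEOUT",
}

SERVICE_FAIL_RE = re.compile(r"^The (.+?) service failed to start due to the following error:\s*%%(\d+)")
DRIVER_FAIL_RE = re.compile(r"^The following boot-start or system-start driver\(s\) failed to load:\s*(.+)$")


class Event(NamedTuple):
    record: int
    level: str
    written: str      # DSS prints "first / last" when it coalesces repeated events
    event_id: int
    source: str
    description: str  # description lines joined with a single space


def parse_events(text: str) -> List[Event]:
    """Split a DSS event-log section into its blank-line separated records."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.strip().splitlines()
        m = RECORD_RE.match(lines[0]) if lines else None
        if not m:
            continue  # section banner or trailer, not a record
        written, event_id, source, desc, in_desc = "", 0, "", [], False
        for line in lines[1:]:
            if in_desc:
                desc.append(line.strip())
            elif line.startswith("Event Description:"):
                in_desc = True
            elif (w := WRITTEN_RE.match(line)):
                written = w.group(1).strip()
            elif (s := IDSRC_RE.match(line)):
                event_id, source = int(s.group(1)), s.group(2).strip()
        events.append(Event(int(m.group(1)), m.group(2), written, event_id, source, " ".join(desc)))
    return events


def scm_failures(events: List[Event]) -> List[Tuple[str, str, str, int]]:
    """Return (kind, name, reason, count) for every 7000/7026 SCM failure, sorted by name."""
    counts: Dict[Tuple[str, str, str], int] = {}
    for e in events:
        if e.source != "Service Control Manager":
            continue
        if e.event_id == 7000 and (m := SERVICE_FAIL_RE.match(e.description)):
            code = int(m.group(2))
            keys = [("service", m.group(1), WIN32_ERRORS.get(code, f"win32 error {code}"))]
        elif e.event_id == 7026 and (m := DRIVER_FAIL_RE.match(e.description)):
            keys = [("driver", drv, "failed to load") for drv in m.group(1).split()]
        else:
            continue
        for k in keys:
            counts[k] = counts.get(k, 0) + 1
    return sorted((k + (n,) for k, n in counts.items()), key=lambda t: (t[0], t[1]))


if __name__ == "__main__":
    for kind, name, reason, n in scm_failures(parse_events(SAMPLE_LOG)):
        print(f"{kind:8} {name:20} {reason:30} x{n}")
```

The sptd 7026 on every boot is noise for this thread: the driver is registered but not loading, which is a Daemon Tools/Alcohol problem rather than an infection. The 7000 with ERROR_FILE_NOT_FOUND is the one to follow up even after the rest of the log is clean: the registration for windev-5127-2f8a is still present while its binary is not, and since that is not the name of any stock Windows service, the dangling entry under HKLM\SYSTEM\CurrentControlSet\Services deserves a look and, once identified, removal.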
#26
don77
    Malware Expert
  • Retired Staff
  • 18,526 posts
Everything looks good. Do yourself a favor and get rid of LimeWire; P2P programs are a breeding ground for malware.

No need to flush out your restore points, but follow the other suggestions below.

Nice job, your log is clean!
How is it running?
Please use the following suggestions to help prevent reinfection.
  • Download the following programs, for keeping crap off your system to begin with:
    Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restrict the actions of potentially dangerous sites in Internet Explorer.
    Download
    Spyware Blaster
    Spyware Guard
    IE-Spyad


  • Online scan
    For an added check, run an online virus scan; you can use one of the 2 below:
    TrendMicro's HouseCall
    ActiveScan


  • Clean out Temp Folders
    Be sure to give the Temp folders a cleaning out now and then as well. A handy tool to do this:
    Please download ATF Cleaner by Atribune.
    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    • If you use the Firefox browser: Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    • If you use the Opera browser: Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.


  • Updating Java and Clearing Cache:
    • Go to Start > Control Panel and double-click the Java icon (coffee cup) in the Control Panel.
    • It will say "Java Plug-in" under the icon.
      Please find the update button or tab in the Java Control Panel. Update your Java, then reboot.
    • If you are unable to update, you can manually update by going Here.
    • After the reboot, go back into the Control Panel and double-click the Java Icon.
    • Under Temporary Internet Files, click the Delete Files button.
    • There are three options in the window to clear the cache - Leave ALL 3 Checked
      • Downloaded Applets
        Downloaded Applications
        Other Files
    • Click OK on Delete Temporary Files Window

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Java Control Panel.

  • Windows Updates
    Remember to check Windows for updates.


  • Flush System Restore
    Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files (you will lose all previous restore points, which are likely to be infected).
    1. Turn off System Restore.
       On the Desktop, right-click My Computer.
       Click Properties.
       Click the System Restore tab.
       Check Turn off System Restore.
       Click Apply, and then click OK.
    2. Restart your computer.
    3. Turn ON System Restore.
       On the Desktop, right-click My Computer.
       Click Properties.
       Click the System Restore tab.
       UN-check Turn off System Restore.
       Click Apply, and then click OK.
    System Restore will now be active again.


To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?

#27
goassen
    Member
  • Topic Starter
  • 17 posts
Hi,

Now I've done everything except Windows Update, IE-Spyad and flushing the System Restore. Trend Micro's HouseCall found two vulnerabilities and ActiveScan gave me the following report:
What should I do?


Incident Status Location

Possible Virus. Renamed C:\Deckard\System Scanner\backup\WINDOWS\temp\ASHeuristic\aae.dll
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@weborama[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@xiti[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\smitfraud\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Administrator\Desktop\smitfraud\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\smitRem.exe[smitRem/Process.exe]
Possible Virus. Not disinfected C:\WINDOWS\system32\aae_dll.vir
Virus:W32/Patchlog.D Renamed C:\WINDOWS\system32\svchost_exe.vir
Virus:W32/Patchlog.D Renamed C:\WINDOWS\system32\svchost_exe.vir0

#28
goassen
    Member
  • Topic Starter
  • 17 posts
I also got a warning (I think it was from Webroot Spy Sweeper) about something called "Mal/Heuri-E" and "C:\windows\temp\Asheuristic\AEE.DLL" and "\AEE_DLL.VIR".

#29
don77
    Malware Expert
  • Retired Staff
  • 18,526 posts
All found nothing to be concerned with.
In case you deleted OTMoveIt already:

Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\aae_dll.vir
    C:\WINDOWS\system32\svchost_exe.vir
    C:\WINDOWS\system32\svchost_exe.vir0


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
*If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")


Click "Exit" to close OTMoveIt.


Next
Run ATF, which I had you download earlier.

Next
Please double-click OTMoveIt.exe to run it.
Click the Clean up button
Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
Click Yes to the reboot,


Rescan with ActiveScan and let me know what it comes back with.

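The ActiveScan report in post #27 and the OTMoveIt paste list in the reply above are the same triage done by hand. Everything the scan found falls into one of four groups: a backup copy that Deckard's System Scanner kept, tracking cookies, components of the smitRem/SmitfraudFix tools themselves (a process killer reads as a "potentially unwanted tool" out of context), and inert renamed copies in system32 ending in .vir or .vir0, and only that last group is worth handing to OTMoveIt. The script below is an added example, not from the thread or from Panda or OldTimer: it parses the report's "Incident Status Location" lines (copied from the post above, minus the cookie line whose file name the page garbled) and applies those four rules. The folder names, tool names and verdict labels are this example's assumptions; the scanner itself only reports incident, status and path.

```python
"""Triage an ActiveScan report and build the OTMoveIt paste list.

Added example, not part of the thread. SAMPLE_REPORT is copied from the
report posted above; BACKUP_DIRS, CLEANUP_TOOLS and the verdict rules are
this example's own assumptions about where the fix tools keep their files.
"""
import re
from typing import List, NamedTuple

SAMPLE_REPORT = r"""
Incident Status Location

Possible Virus. Renamed C:\Deckard\System Scanner\backup\WINDOWS\temp\ASHeuristic\aae.dll
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@weborama[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@xiti[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\smitfraud\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Administrator\Desktop\smitfraud\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\smitRem.exe[smitRem/Process.exe]
Possible Virus. Not disinfected C:\WINDOWS\system32\aae_dll.vir
Virus:W32/Patchlog.D Renamed C:\WINDOWS\system32\svchost_exe.vir
Virus:W32/Patchlog.D Renamed C:\WINDOWS\system32\svchost_exe.vir0
"""

# All three columns can contain spaces; the status keywords and the drive
# letter that starts every path are what tell them apart.
LINE_RE = re.compile(
    r"^(?P<incident>.+?)\s+(?P<status>Renamed|Not disinfected|Disinfected|Deleted)\s+(?P<path>[A-Za-z]:\\.+)$"
)

# Assumed: folders where the cleanup tools park copies of what they removed.
BACKUP_DIRS = ("c:\\deckard\\system scanner\\backup\\", "c:\\_otmoveit\\movedfiles\\")
# Assumed: the SmitFraud removal tools whose own helpers (process killer,
# restart helper) scanners flag as potentially unwanted.
CLEANUP_TOOLS = ("\\smitfraudfix\\", "\\smitrem\\", "\\smitrem.exe[")
# Renamed, inert copies left behind by the fix tools: name_ext.vir, .vir0, ...
VIR_RE = re.compile(r"\.vir\d*$")


class Finding(NamedTuple):
    incident: str
    status: str
    path: str
    verdict: str


def classify(incident: str, path: str) -> str:
    """Apply the four triage rules; anything unmatched needs a human look."""
    p = path.lower()
    if p.startswith(BACKUP_DIRS):
        return "tool-backup"       # goes away when the tool's folder is deleted
    if incident.startswith("Spyware:Cookie") and "\\cookies\\" in p:
        return "tracking-cookie"   # data, not code; clear with the browser
    if incident.startswith("Potentially unwanted tool") and any(t in p for t in CLEANUP_TOOLS):
        return "cleanup-tool"      # the fix tool's own helper, expected
    if VIR_RE.search(p):
        return "renamed-leftover"  # inert renamed copy: the OTMoveIt candidates
    return "review"                # a live detection; look at it by hand


def parse_report(text: str) -> List[Finding]:
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # column header, blank line, or free text
        incident, status, path = m.group("incident"), m.group("status"), m.group("path")
        findings.append(Finding(incident, status, path, classify(incident, path)))
    return findings


def otmoveit_list(findings: List[Finding]) -> List[str]:
    """Paths to paste into OTMoveIt: only the renamed leftovers, sorted."""
    return sorted(f.path for f in findings if f.verdict == "renamed-leftover")


def needs_review(findings: List[Finding]) -> List[Finding]:
    return [f for f in findings if f.verdict == "review"]


if __name__ == "__main__":
    fs = parse_report(SAMPLE_REPORT)
    for f in fs:
        print(f"{f.verdict:16} {f.status:15} {f.path}")
    print("\nOTMoveIt list:")
    print("\n".join(otmoveit_list(fs)))
```

The fourth rule is the one to keep an eye on. A .vir extension only means some tool renamed the file so it no longer runs under its old name; the bytes are still there, which is why ActiveScan still identifies svchost_exe.vir as W32/Patchlog.D and why the reply above has those three files moved out rather than left in system32. A detection on a live svchost.exe in system32 would land in "review", and nothing in that bucket should be dismissed without looking at the file itself.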
#30
don77
    Malware Expert
  • Retired Staff
  • 18,526 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.