Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Internet Explorer redirecting to 'wrong' websites [RESOLVED]

Started by riddles123 , Jul 19 2008 04:34 PM

  • This topic is locked This topic is locked

#1
riddles123
Posted 19 July 2008 - 04:34 PM

riddles123

    Member

  • Member
  • PipPip
  • 12 posts
Hi,
My name is Allan and i have a problem with my browser redirecting my Google searches to advertising and junk websites! I have had this problem for a few weeks now and have tried to solve it myself by running numerous, varied anti-spyware programs but have not been successful in disinfecting my PC.
I have noticed that similar problems have been addressed on this forum before but it appears that specific logs need to be looked at by the experts rather than one solution fitting all.
I would be grateful if i could be given some guidance into getting rid of this irritating problem.
At the moment, i don't have a HijackThis log to send, but if that is what i need to do initially, then i will post it with my next correspondance.
Thank you.
  • 0

Advertisements

#2
kahdah
Posted 19 July 2008 - 06:14 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello riddles123

Welcome to G2Go. :)
=====================

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
riddles123
Posted 20 July 2008 - 10:58 AM

riddles123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hi kahdah,
Thank you for taking the time to help me out here - i really appreciate it.
I have tried to send the logs, main.txt and extra.txt but got a message informing me that i was using an outdated HijackThis program so i will try to send a log from the current version here as well.
Hope this works...!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:39:19, on 07/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.savewealth.com/
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\System\svchost.exe"
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {5277E005-5045-7603-1699-ca3230262a11} - C:\Program Files\Common Files\System\wship_z.tlb
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Internet Explorer] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - S-1-5-18 Startup: update.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: update.exe (User 'Default user')
O4 - Startup: update.exe
O4 - Global Startup: update.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.savewealth.com
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberli...xp/CheckDVD.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/ch...urce/ImlCID.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akama...ol/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCCC82E0-B3E2-11D3-B21A-000100000000} - http://www.telebanx....UB/telebanx.cab
O16 - DPF: {D670D0B3-05AB-4115-9F87-D983EF1AC747} - http://pictures02.ao...UK.9.1.6.18.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{50AF972D-5AD5-4E48-8ED7-B7696187BEC7}: NameServer = 217.16.223.30 217.16.223.31
O20 - AppInit_DLLs: fv8kmtinhl6zsxl.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AdLib FMR - Unknown owner - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - http://www.one2one.c...mb_nJOpVdN9.jpg

--
End of file - 10555 bytes



Deckard's System Scanner v20071014.68
Run by Allan on 2008-07-20 16:24:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
76: 2008-07-20 15:24:31 UTC - RP1190 - Deckard's System Scanner Restore Point
75: 2008-07-19 15:59:35 UTC - RP1189 - Software Distribution Service 3.0
74: 2008-07-19 15:48:27 UTC - RP1188 - Software Distribution Service 3.0
73: 2008-07-19 03:28:00 UTC - RP1187 - Software Distribution Service 3.0
72: 2008-07-19 01:55:24 UTC - RP1186 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-04-21 16:25:19 UTC - RP1115 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Allan.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 16:25:46, on 07/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Allan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.savewealth.com/
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\System\svchost.exe"
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {5277E005-5045-7603-1699-ca3230262a11} - C:\Program Files\Common Files\System\wship_z.tlb
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Internet Explorer] C:\Program Files\Internet Explorer\iexplore.exe
O4 - Startup: update.exe
O4 - Global Startup: update.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.savewealth.com
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberli...xp/CheckDVD.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/ch...urce/ImlCID.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akama...ol/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCCC82E0-B3E2-11D3-B21A-000100000000} - http://www.telebanx....UB/telebanx.cab
O16 - DPF: {D670D0B3-05AB-4115-9F87-D983EF1AC747} - http://pictures02.ao...UK.9.1.6.18.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{50AF972D-5AD5-4E48-8ED7-B7696187BEC7}: NameServer = 217.16.223.30 217.16.223.31
O20 - AppInit_DLLs: fv8kmtinhl6zsxl.dll
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AdLib FMR - Unknown owner - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 SocketLock (Raw Socket Lock Driver) - c:\windows\system32\socketlock.sys
R3 DumaNT - c:\windows\system32\drivers\dumant.sys <Not Verified; Windows ® 2000 DDK provider; Stereo Helper Driver>

S0 szkg - c:\windows\system32\drivers\szkg.sys (file missing)
S3 ALCXWDM (Service for Realtek AC97 Audio (WDM)) - c:\windows\system32\drivers\alcxwdm.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Speed Disk service - c:\program files\speed disk\nopdb.exe <Not Verified; Symantec Corporation; Norton Speed Disk>

S2 AdLib FMR -


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: PCI\VEN_10DE&DEV_0066&SUBSYS_777C1462&REV_A1\3&13C0B0C5&0&20
Manufacturer: Nvidia
Name: NVIDIA nForce Networking Controller
PNP Device ID: PCI\VEN_10DE&DEV_0066&SUBSYS_777C1462&REV_A1\3&13C0B0C5&0&20
Service: NVENET


-- Files created between 2008-06-20 and 2008-07-20 -----------------------------

2008-07-20 16:05:08 126 --a------ C:\Documents and Settings\Allan\IE7_Toolbar_fix.reg
2008-07-19 20:39:52 0 d-------- C:\WINDOWS\Prefetch
2008-07-19 17:29:06 1845248 --a------ C:\WINDOWS\system32\win32k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 17:28:59 14832 --a------ C:\WINDOWS\system32\asfsipc.dll <Not Verified; Microsoft Corporation; Microsoft ® DRM>
2008-07-19 15:10:31 0 d-------- C:\WINDOWS\system32\scripting
2008-07-19 15:10:27 0 d-------- C:\WINDOWS\l2schemas
2008-07-19 15:10:26 0 d-------- C:\WINDOWS\system32\en
2008-07-19 03:45:06 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-07-19 02:44:58 0 d-------- C:\WINDOWS\network diagnostic
2008-07-18 22:34:39 0 d-------- C:\WINDOWS\Windows Update Setup Files
2008-07-16 16:39:59 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-27 21:27:06 0 d-------- C:\Program Files\Panda Security
2008-06-27 02:08:01 0 d-------- C:\Program Files\SoftForYou
2008-06-27 02:08:00 0 d-------- C:\Program Files\Common Files\iProtectYou
2008-06-25 05:56:50 0 d-------- C:\Documents and Settings\Allan\Application Data\Malwarebytes
2008-06-25 05:56:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-25 03:48:34 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-25 03:48:21 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-25 03:48:21 0 d-------- C:\Documents and Settings\Allan\Application Data\SUPERAntiSpyware.com


-- Find3M Report ---------------------------------------------------------------

2008-07-19 20:41:19 0 d-------- C:\Program Files\Lx_cats
2008-07-19 18:16:30 0 d-------- C:\Program Files\Windows NT
2008-07-19 18:16:22 0 d-------- C:\Program Files\Movie Maker
2008-07-19 18:15:10 0 d-------- C:\Program Files\Messenger
2008-07-19 00:14:23 0 d-------- C:\Program Files\Enigma Software Group
2008-07-18 23:28:34 0 d-------- C:\Program Files\SpywareBlaster
2008-07-18 23:19:31 0 d-------- C:\Program Files\Norton Utilities
2008-07-18 10:35:25 0 d-------- C:\Program Files\Spyware Doctor
2008-07-17 16:01:25 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-16 16:58:12 0 d-------- C:\Program Files\Lavasoft
2008-07-16 16:39:59 0 d-------- C:\Program Files\Common Files
2008-07-16 16:16:12 0 d-------- C:\Program Files\XoftSpySE
2008-06-23 20:47:38 0 d-------- C:\Documents and Settings\Allan\Application Data\Uniblue
2008-06-17 04:24:26 0 d-------- C:\Program Files\The KMPlayer
2008-06-10 06:45:32 0 d-------- C:\Program Files\DivX
2008-05-31 00:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-31 00:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 00:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 00:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 00:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 23:22:55 0 d-------- C:\Program Files\Symantec
2008-05-28 01:56:01 3012 --a------ C:\drmHeader.bin
2008-05-22 23:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 23:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 23:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 23:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-21 18:52:23 0 d-------- C:\Program Files\GetTubeVideo
2008-05-21 05:17:40 0 d-------- C:\Program Files\Virtual Earth 3D
2008-05-20 14:38:32 0 d-------- C:\Program Files\DownloadToolz


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5277E005-5045-7603-1699-ca3230262a11}]
07/13/2008 20:16 51200 -rahs---- C:\Program Files\Common Files\System\wship_z.tlb

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [01/26/2004 12:38]
"nwiz"="nwiz.exe" [10/22/2006 13:22 C:\WINDOWS\system32\nwiz.exe]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [12/20/2004 17:12]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/22/2006 13:22]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/22/2006 13:22]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 06:59]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 18:38]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/02/2008 12:52]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [12/01/2005 19:38]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:56]
"Internet Explorer"="C:\Program Files\Internet Explorer\iexplore.exe" [04/22/2008 08:40]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SRUUninstall"="C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe

C:\Documents and Settings\Allan\Start Menu\Programs\Startup\
update.exe [07/13/2008 20:16:43]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
update.exe [07/13/2008 20:16:44]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="explorer.exe \"C:\Program Files\Common Files\System\svchost.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=fv8kmtinhl6zsxl.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
eapsvcs eaphost
dot3svc dot3svc

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-07-20 16:28:24 ------------




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 2700+
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 1247.48 MiB / 745.18 MiB
Pagefile Memory (total/avail): 1827.76 MiB / 1437.52 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1902.38 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 110.16 GiB total, 51.45 GiB free.
D: is Removable (No Media)
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is CDROM (CDFS)
I: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3120025A - 110.17 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 110.16 GiB - C:

\\.\PHYSICALDRIVE1 - IN-WIN CF Card USB Device

\\.\PHYSICALDRIVE2 - IN-WIN MS Card USB Device

\\.\PHYSICALDRIVE4 - IN-WIN SD Card USB Device

\\.\PHYSICALDRIVE3 - IN-WIN SM Card USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

FW: Norton 360 v2007 (SYMANTEC Corporation)
AV: Norton 360 v2007 (SYMANTEC Corperation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\SpeedTouch\\Dr SpeedTouch\\drst.exe"="C:\\Program Files\\SpeedTouch\\Dr SpeedTouch\\drst.exe:*:Enabled:Dr SpeedTouch"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus"
"C:\\Program Files\\WM Recorder 10.2\\WMR.exe"="C:\\Program Files\\WM Recorder 10.2\\WMR.exe:*:Enabled:WM Recorder 10.2"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe"="C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe:*:Enabled:P2P Networking"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Disabled:BitTorrent"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Disabled:Kazaa"
"C:\\Documents and Settings\\Allan\\My Documents\\My Videos\\kazaa.exe"="C:\\Documents and Settings\\Allan\\My Documents\\My Videos\\kazaa.exe:*:Disabled:Kazaa"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Disabled:Skype"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Desktop\\Toolbox\\LimeWire\\LimeWire.exe"="C:\\Desktop\\Toolbox\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Allan\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ALLAN-PPD5C8WIC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Allan
LOGONSERVER=\\ALLAN-PPD5C8WIC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Support Tools\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Allan\LOCALS~1\Temp
TMP=C:\DOCUME~1\Allan\LOCALS~1\Temp
USERDOMAIN=ALLAN-PPD5C8WIC
USERNAME=Allan
USERPROFILE=C:\Documents and Settings\Allan
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Allan (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Capture By George! 2.6 --> "C:\Program Files\Capture By George!\unins000.exe"
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Collins English Dictionary And Thesaurus --> C:\WINDOWS\LgUninst.exe C:\Program Files\Lingea\Lex2002\Setup.exe
CyberScrub Professional 3.0 --> C:\PROGRA~1\CYBERS~1\UNWISE.EXE C:\PROGRA~1\CYBERS~1\INSTALL.LOG
Cypress USB Mass Storage Driver Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}\Setup.exe" -l0x9 NotFirstInstall
DiceMage --> C:\PROGRA~1\DiceMage\UNWISE.EXE C:\PROGRA~1\DiceMage\INSTALL.LOG
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Accelerator Plus (DAP) --> C:\PROGRA~1\DAP\DAPREMOVE.EXE
Dr SpeedTouch --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE6D39E2-D4CB-4C49-ABD9-8724B095D1EF}\Setup.exe" 0009 /l0009 -Control_Panel
Drug Calculations for Nurses --> C:\WINDOWS\st6unst.exe -n "c:\Desktop\ST6UNST.LOG"
Drug Calculations for Nurses (c:\Desktop\) --> C:\WINDOWS\st6unst.exe -n "c:\Desktop\ST6UNST.LOG"
Dual-Core Optimizer --> MsiExec.exe /X{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}
GearDrvs --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
GPL MPEG-1/2 DirectShow Decoder Filter --> MsiExec.exe /I{870815CA-6B60-47B6-88DD-A67F42D2F03E}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 1.99.1 --> C:\Program Files\HijackThis\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Instant Demo by NetPlay Software --> "C:\Program Files\InstantDemo\InstantDemo.exe" -uninstall
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.1_02 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFCE5837-FC21-11D6-9D24-00010240CE95}\setup.exe" Anytext
Java 2 Runtime Environment, SE v1.4.2_04 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040}
Java 2 Runtime Environment, SE v1.4.2_05 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java 2 Runtime Environment, SE v1.4.2_06 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
Java Web Start --> "C:\Program Files\Java Web Start\uninst-javaws.exe"
Karen's Calculator --> C:\Program Files\Lexmark 2400 Series\Install\x86\Uninst.exe
Lexmark 2400 Series --> C:\Program Files\Lexmark 2400 Series\Install\x86\Uninst.exe
LimeWire 4.18.3 --> "C:\Desktop\Toolbox\LimeWire\uninstall.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office 2000 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Sounds --> MsiExec.exe /I{10CE1EA2-12E9-11D3-825E-00C04F6843FE}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Mozilla Firefox (0.8.) --> C:\WINDOWS\UninstallFirefox.exe /ua "0.8. (en)"
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MRU-Blaster v1.5 (Database 3/28/2004) --> "C:\Program Files\MRU-Blaster\unins000.exe"
Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9 -removeonly
Norton 360 --> MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360 --> MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360 --> MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
Norton 360 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_1_0_0_184\{2D617065-1C52-4240-B5BC-C0AE12157777}.exe" /X
Norton 360 Help --> MsiExec.exe /I{1CA941F1-5006-487E-9FD4-09F812A7D6B8}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Authentification Component --> MsiExec.exe /I{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Utilities 2002 for Windows --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Norton Utilities\Uninst.isu" -c"C:\Program Files\Norton Utilities\_ISNU.DLL"
Nursing Calculations (C:\Program Files\Nursing Calculations\) --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Nursing Calculations\ST6UNST.LOG"
NVIDIA Drivers --> C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
NVIDIA Windows 95/98/ME/2000/XP Stereo Drivers --> nvStInst.exe /uninstall /ask
NvMixer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PC Booster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA0601E1-B65C-11D5-80A9-0000B494D9A6}\Setup.exe" -l0x9
PrintMe Driver for Windows --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{C27E6CEF-F515-400F-823F-9141D56C0A2F} anything
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
ReaConverter Pro 3.4 --> "C:\Program Files\ReaConverter Pro\unins000.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RegCure 1.5.0.0 --> C:\Program Files\RegCure\uninst.exe
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SpeedTouch USB Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\Setup.exe" /l0009 -Control_Panel
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.1 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
SpywareBlaster 4.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Stellar Phoenix FAT & NTFS 2.0 --> C:\Program Files\Capture By George!\unins000.exe
SuppSoft --> MsiExec.exe /I{022DA2C3-81C7-4003-A6BC-1BB147B20097}
Symantec Network Driver Update --> MsiExec.exe /X{6AF90EF6-F7F9-466C-99F4-1774826FBB40}
Symantec Technical Support Controls --> MsiExec.exe /I{92B1B3CC-EC78-45B8-96D0-8B3F11495864}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
The KMPlayer (remove only) --> "C:\Program Files\The KMPlayer\uninstall.exe"
USB Storage Adapter FX (SM1) --> SM1UN.EXE SM1FX_AT
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual Earth 3D (Beta) --> MsiExec.exe /I{39CE3C17-846D-4D9B-8B3E-C01A4B90FB73}
Visual Mind 8 --> MsiExec.exe /X{91C9B9ED-452F-4DD8-BA11-A9C76EA14F4A}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB898549 --> "C:\WINDOWS\$NtUninstallKB898549$\spuninst\spuninst.exe"
Windows Support Tools --> MsiExec.exe /I{8398B542-3CC4-44D9-83DF-696CCE70124B}
WinPatrol 2007 --> C:\Applications\Norton Internet Security 2003\NIS\MSSHLIB\SETUP.EXE /remove /q0
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XoftSpySE --> C:\Program Files\XoftSpySE\uninstall.exe
Yuvutu Video Downloader 3.12 --> "C:\Program Files\DownloadToolz\Yuvutu Video Downloader\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type1052 / Warning
Event Submitted/Written: 07/20/2008 00:04:27 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{00010409-78E1-11D2-B60F-006097C998E7}', feature 'HTMLSourceEditing' failed during request for component '{9E0B2BE1-DEDA-11D1-A17E-00A0C90AB50F}'

Event Record #/Type1050 / Warning
Event Submitted/Written: 07/20/2008 00:02:31 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{00010409-78E1-11D2-B60F-006097C998E7}', feature 'HTMLSourceEditing' failed during request for component '{9E0B2BE1-DEDA-11D1-A17E-00A0C90AB50F}'

Event Record #/Type919 / Error
Event Submitted/Written: 07/19/2008 03:12:05 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application ATF-Cleaner.exe, version 2.0.0.8, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type835 / Error
Event Submitted/Written: 07/18/2008 11:50:40 PM
Event ID/Source: 1002 / Application Hang
E
  • 0

#4
riddles123
Posted 20 July 2008 - 11:06 AM

riddles123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hi kahdah,
The last part of the extra.txt log got 'chopped off', so i have posted it here!

-- Application Event Log -------------------------------------------------------

Event Record #/Type1052 / Warning
Event Submitted/Written: 07/20/2008 00:04:27 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{00010409-78E1-11D2-B60F-006097C998E7}', feature 'HTMLSourceEditing' failed during request for component '{9E0B2BE1-DEDA-11D1-A17E-00A0C90AB50F}'

Event Record #/Type1050 / Warning
Event Submitted/Written: 07/20/2008 00:02:31 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{00010409-78E1-11D2-B60F-006097C998E7}', feature 'HTMLSourceEditing' failed during request for component '{9E0B2BE1-DEDA-11D1-A17E-00A0C90AB50F}'

Event Record #/Type919 / Error
Event Submitted/Written: 07/19/2008 03:12:05 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application ATF-Cleaner.exe, version 2.0.0.8, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type835 / Error
Event Submitted/Written: 07/18/2008 11:50:40 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application explorer.exe, version 6.0.2900.3156, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type833 / Warning
Event Submitted/Written: 07/18/2008 11:42:22 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{00010409-78E1-11D2-B60F-006097C998E7}', feature 'HTMLSourceEditing' failed during request for component '{9E0B2BE1-DEDA-11D1-A17E-00A0C90AB50F}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type15057 / Error
Event Submitted/Written: 07/20/2008 03:27:43 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The lxcr_device service failed to start due to the following error:
%%1053

Event Record #/Type15056 / Error
Event Submitted/Written: 07/20/2008 03:27:43 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the lxcr_device service to connect.

Event Record #/Type15055 / Error
Event Submitted/Written: 07/20/2008 03:27:43 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1053" attempting to start the service lxcr_device with arguments ""
in order to run the server:
{323CE21C-A448-40AA-BA74-7FCF1E44105F}

Event Record #/Type15043 / Error
Event Submitted/Written: 07/20/2008 03:27:07 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
szkg

Event Record #/Type15042 / Error
Event Submitted/Written: 07/20/2008 03:27:07 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Upload Manager service failed to start due to the following error:
%%1079



-- End of Deckard's System Scanner: finished at 2008-07-20 16:28:24 ------------
  • 0

#5
kahdah
Posted 20 July 2008 - 01:35 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please submit the following files to one of these online file scanners.
(All you have to do is copy and paste them in one at a time)

C:\Program Files\Common Files\System\wship_z.tlb
C:\Documents and Settings\Allan\Start Menu\Programs\Startup\update.exe
C:\Program Files\Common Files\System\svchost.exe
C:\WIndows\system32\fv8kmtinhl6zsxl.dll
C:\Program Files\Internet Explorer\iexplore.exe

Jotti File Scan
VirusTotal File Scan

This will produce a report after the scan is complete, please copy and paste those results in your next post.
  • 0

#6
riddles123
Posted 20 July 2008 - 02:40 PM

riddles123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Thanks for your prompt reply kahdah.
I do hope I've posted these logs correctly!


C:\Program Files\Common Files\System\wship_z.tlb
Last file scanned at least one scanner reported something about: Keygen.exe (MD5: e9ac1ef7faa4022af02e28f5ad260e68, size: 140764 bytes), detected by:
Scanner Malware name
A-Squared X
AntiVir SPR/Keygen.140764
ArcaVir Heur.Win32.I
Avast X
AVG Antivirus Generic5.JJW
BitDefender Application.Keygen.Nero.A
ClamAV PUA.Packed.UPack-2
CPsecure W32.Email.W.Scano.gen
Dr.Web X
F-Prot Antivirus W32/Trojan.AAZH
F-Secure Anti-Virus X
Fortinet X
Ikarus Trojan-Downloader.Win32.Zlob.and
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control W32/Zlob.ACJF
Panda Antivirus X
Sophos Antivirus Mal/Packer
VirusBuster X
VBA32 OScope.Worm.SAT.Nuwar


C:\Documents and Settings\Allan\Start Menu\Programs\Startup\update.exe
Last file scanned at least one scanner reported something about: at.exe (MD5: 1845fb52dc1103e82e1e7d6b30790459, size: 394240 bytes), detected by:
Scanner Malware name
A-Squared X
AntiVir SPR/Fake.DocAV200.A
ArcaVir X
Avast X
AVG Antivirus X
BitDefender X
ClamAV X
CPsecure X
Dr.Web X
F-Prot Antivirus X
F-Secure Anti-Virus not-a-virus:FraudTool.Win32.DoctorAntivirus.j (6, 2, 616)
Fortinet X
Ikarus X
Kaspersky Anti-Virus not-a-virus:FraudTool.Win32.DoctorAntivirus.j
NOD32 X
Norman Virus Control X
Panda Antivirus X
Sophos Antivirus X
VirusBuster X
VBA32 X




C:\Program Files\Common Files\System\svchost.exe
Last file scanned at least one scanner reported something about: SGL编辑器.exe (MD5: 3e6f1981047d60e998b7541b5e64dc38, size: 1593344 bytes), detected by:
Scanner Malware name
A-Squared X
AntiVir X
ArcaVir X
Avast X
AVG Antivirus SHeur.AEEA
BitDefender X
ClamAV PUA.Packed.Themida
CPsecure X
Dr.Web X
F-Prot Antivirus X
F-Secure Anti-Virus X
Fortinet X
Ikarus X
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus X
Sophos Antivirus X
VirusBuster X
VBA32 X




C:\WIndows\system32\fv8kmtinhl6zsxl.dll
The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file



C:\Program Files\Internet Explorer\iexplore.exe
Last file scanned at least one scanner reported something about: n0manc0rz_three.rar (MD5: 2e843e5d761dc20cf91b75fb8d850f83, size: 253676 bytes), detected by:
Scanner Malware name
A-Squared X
AntiVir DR/generic.288129.1
ArcaVir X
Avast X
AVG Antivirus X
BitDefender Dropped:Trojan.Generic.288129
ClamAV X
CPsecure Troj.Downloader.W32.Aphex.060
Dr.Web X
F-Prot Antivirus X
F-Secure Anti-Virus X
Fortinet X
Ikarus Trojan.Generic
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus X
Sophos Antivirus Sus/Behav-200
VirusBuster X
VBA32 Backdoor.XiaoBird.47
  • 0

#7
kahdah
Posted 20 July 2008 - 02:51 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download FileFind from Atribune.
Unzip the file and save it to your desktop.

To run FileFind, please do the following:
  • Click on FileFind.exe
  • In the box labeled "Directory"
    • Enter Drive eg.. C:\
  • In the box labeled "File"
    • Enter these file these file names fv8kmtinhl6zsxl.dll and iexplore.exe
  • Now click on the "Search" button
  • Once the utility has found the files click on "Export"
  • A Notepad will open up. Please copy the entire contents of the Notepad and paste them here.
  • NOTE: The notepad is saved on your C:\ drive as "Export.txt"

  • 0

#8
riddles123
Posted 20 July 2008 - 03:13 PM

riddles123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Thanks kahdah.

There were no files found for fv8kmtinhl6zsxl.dll

C:\Program Files\Internet Explorer\iexplore.exe - 625664 Bytes
C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe - 625664 Bytes
C:\WINDOWS\ie7\iexplore.exe - 93184 Bytes
C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe - 622080 Bytes
C:\WINDOWS\ServicePackFiles\i386\iexplore.exe - 93184 Bytes
C:\WINDOWS\SoftwareDistribution\Download\b3bf74f55136e7636e609c29522f7318\SP2GDR\iexplore.exe - 625664 Bytes
C:\WINDOWS\SoftwareDistribution\Download\b3bf74f55136e7636e609c29522f7318\SP2QFE\iexplore.exe - 625664 Bytes
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\iexplore.exe - 93184 Bytes
C:\WINDOWS\system32\dllcache\iexplore.exe - 625664 Bytes
  • 0

#9
kahdah
Posted 20 July 2008 - 06:54 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please close internet explorer when doing this:

Please go to Start>Run copy and paste in this line:
copy "C:\WINDOWS\system32\dllcache\iexplore.exe" "C:\Program Files\Internet Explorer\iexplore.exe" then hit ok.
==============================================
First, we need to backup your registry:
Please go to Start > Run
Paste in the following line:regedit /e c:\registrybackup.reg
Click OK.
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.

Please open up Notepad and copy all of the items in the code box below.
Change the "Save As Type" to "All Files". Save it as fixthis.reg on your Desktop.
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 
"Shell"="Explorer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
Now double-click fixthis.reg.
A window will come up asking if you want to let it merge with the registry.
Click yes.
============================================
After that
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Program Files\Common Files\System\wship_z.tlb
C:\Documents and Settings\Allan\Start Menu\Programs\Startup\update.exe 
C:\Program Files\Common Files\System\svchost.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Internet Explorer
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\update.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
========================================
Please then post back with a new dss log and the OT Move it log.
  • 0

#10
riddles123
Posted 20 July 2008 - 07:33 PM

riddles123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Thanks for your patience kadah!
Here is the OT Move It log, followed by the subsequent DSS log:

C:\Program Files\Common Files\System\wship_z.tlb moved successfully.
C:\Documents and Settings\Allan\Start Menu\Programs\Startup\update.exe moved successfully.
C:\Program Files\Common Files\System\svchost.exe moved successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Internet Explorer >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Internet Explorer deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\update.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07212008_022536


Deckard's System Scanner v20071014.68
Run by Allan on 2008-07-21 02:28:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Allan.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:28:30, on 07/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\desktop\Geeks Forum\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Allan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.savewealth.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {5277E005-5045-7603-1699-ca3230262a11} - C:\Program Files\Common Files\System\wship_z.tlb (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.savewealth.com
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberli...xp/CheckDVD.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/ch...urce/ImlCID.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akama...ol/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCCC82E0-B3E2-11D3-B21A-000100000000} - http://www.telebanx....UB/telebanx.cab
O16 - DPF: {D670D0B3-05AB-4115-9F87-D983EF1AC747} - http://pictures02.ao...UK.9.1.6.18.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{50AF972D-5AD5-4E48-8ED7-B7696187BEC7}: NameServer = 217.16.223.30 217.16.223.31
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AdLib FMR - Unknown owner - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - http://www.one2one.c...mb_nJOpVdN9.jpg

--
End of file - 9960 bytes

-- Files created between 2008-06-21 and 2008-07-21 -----------------------------

2008-07-21 02:21:07 137916914 --a------ C:\registrybackup.reg
2008-07-20 17:39:04 0 d-------- C:\Program Files\Trend Micro
2008-07-20 16:05:08 126 --a------ C:\Documents and Settings\Allan\IE7_Toolbar_fix.reg
2008-07-19 20:39:52 0 d-------- C:\WINDOWS\Prefetch
2008-07-19 17:29:06 1845248 --a------ C:\WINDOWS\system32\win32k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-19 17:28:59 14832 --a------ C:\WINDOWS\system32\asfsipc.dll <Not Verified; Microsoft Corporation; Microsoft ® DRM>
2008-07-19 15:10:31 0 d-------- C:\WINDOWS\system32\scripting
2008-07-19 15:10:27 0 d-------- C:\WINDOWS\l2schemas
2008-07-19 15:10:26 0 d-------- C:\WINDOWS\system32\en
2008-07-19 03:45:06 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-07-19 02:44:58 0 d-------- C:\WINDOWS\network diagnostic
2008-07-18 22:34:39 0 d-------- C:\WINDOWS\Windows Update Setup Files
2008-07-16 16:39:59 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-27 21:27:06 0 d-------- C:\Program Files\Panda Security
2008-06-27 02:08:01 0 d-------- C:\Program Files\SoftForYou
2008-06-27 02:08:00 0 d-------- C:\Program Files\Common Files\iProtectYou
2008-06-25 05:56:50 0 d-------- C:\Documents and Settings\Allan\Application Data\Malwarebytes
2008-06-25 05:56:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-25 03:48:34 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-25 03:48:21 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-25 03:48:21 0 d-------- C:\Documents and Settings\Allan\Application Data\SUPERAntiSpyware.com


-- Find3M Report ---------------------------------------------------------------

2008-07-21 00:21:24 0 d-------- C:\Program Files\Lx_cats
2008-07-19 18:16:30 0 d-------- C:\Program Files\Windows NT
2008-07-19 18:16:22 0 d-------- C:\Program Files\Movie Maker
2008-07-19 18:15:10 0 d-------- C:\Program Files\Messenger
2008-07-19 00:14:23 0 d-------- C:\Program Files\Enigma Software Group
2008-07-18 23:28:34 0 d-------- C:\Program Files\SpywareBlaster
2008-07-18 23:19:31 0 d-------- C:\Program Files\Norton Utilities
2008-07-18 10:35:25 0 d-------- C:\Program Files\Spyware Doctor
2008-07-17 16:01:25 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-16 16:58:12 0 d-------- C:\Program Files\Lavasoft
2008-07-16 16:39:59 0 d-------- C:\Program Files\Common Files
2008-07-16 16:16:12 0 d-------- C:\Program Files\XoftSpySE
2008-06-23 20:47:38 0 d-------- C:\Documents and Settings\Allan\Application Data\Uniblue
2008-06-17 04:24:26 0 d-------- C:\Program Files\The KMPlayer
2008-06-10 06:45:32 0 d-------- C:\Program Files\DivX
2008-05-31 00:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-31 00:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 00:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 00:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 00:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 23:22:55 0 d-------- C:\Program Files\Symantec
2008-05-28 01:56:01 3012 --a------ C:\drmHeader.bin
2008-05-22 23:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 23:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 23:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 23:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-21 18:52:23 0 d-------- C:\Program Files\GetTubeVideo
2008-05-21 05:17:40 0 d-------- C:\Program Files\Virtual Earth 3D


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5277E005-5045-7603-1699-ca3230262a11}]
C:\Program Files\Common Files\System\wship_z.tlb

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [01/26/2004 12:38]
"nwiz"="nwiz.exe" [10/22/2006 13:22 C:\WINDOWS\system32\nwiz.exe]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [12/20/2004 17:12]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/22/2006 13:22]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/22/2006 13:22]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 06:59]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 18:38]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/02/2008 12:52]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [12/01/2005 19:38]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:56]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SRUUninstall"="C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
eapsvcs eaphost
dot3svc dot3svc

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-07-21 02:29:29 ------------
  • 0

Advertisements

#11
kahdah
Posted 20 July 2008 - 07:38 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome :)

How are things running?
  • 0

#12
riddles123
Posted 21 July 2008 - 08:09 AM

riddles123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hi kahdah,
You have done a great job!
The PC is running well - i'm so pleased with what you have achieved. Thank you very much for your time, effort and expertise. It looks like you have erradicated my problem....hope i haven't jinxed myself by saying that!
Really hoping that your tweaks have permanently rid me of whatever it was that was redirecting from my internet explorer searches! If it does resurface, i'll get back in touch.
I suspect I picked up the 'virus' from the Limewire P2P site.
I forgot to say at the beginning, and in keeping with other G2G forum users with a similar problem, when I used Mozilla Firefox, I didn't seem to get the problems. It does appear to be a more robust browser than Internet Explorer. Would you recommend I use that browser in future?
I assume we can now render this thread as 'Resolved'!
Really impressed with your service - I have never had any PC issues that i haven't been able to sort out myself, but it's nice to know that experts like yourself are available when things go badly wrong.
I'll certainly be hitting the 'donate' button after this!
Cheers kahdah!!
  • 0

#13
kahdah
Posted 21 July 2008 - 05:13 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Thanks for the donation :)

Cleanup::
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
===============
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 7 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

=============================
Delete\uninstall anything else that we have used.

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us
=====================================
After that your log is clean. :)

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy-Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard-Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

IE-SPYAD- puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Tony Klein article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.
  • 0

#14
riddles123
Posted 21 July 2008 - 09:53 PM

riddles123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Thanks again kahdah!!
  • 0

#15
kahdah
Posted 22 July 2008 - 03:53 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP