Read this topic before posting a log.
DO NOT post a ComboFix log unless requested to.
Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.
When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.
Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Post #1, Jun 24 2008, 03:00 AM
New Member. Group: Members; Posts: 5; Joined: 23-June 08; From: South Africa; Member No.: 218,096
Here is the story so far: two days ago I got my computer infected... It was entirely my fault. I downloaded a file; it looked suspicious, but after scanning it with AVG it came up with nothing, so I ran it... I thought about this a bit and I cannot put it into a coherent paragraph, so I will just put down as many facts as I can remember at the moment:
Deckard's System Scanner v20071014.68
Run by DM on 2008-06-24 09:29:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 2 Restore Point(s) --
2: 2008-06-24 07:29:28 UTC - RP347 - Deckard's System Scanner Restore Point
1: 2008-06-23 13:58:17 UTC - RP346 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

System Drive C: has 12.11 GiB (less than 15%) free.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-24 09:34:13
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Alias\Maya6.5\docs\wrapper.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe
C:\wamp\Apache2\bin\Apache.exe
C:\wamp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\explorer.exe
C:\wamp\Apache2\bin\Apache.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Microsoft ActiveSync\rapimgr.exe
C:\wamp\wampserver.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\IPWireless Inc\IPWireless PC Software\UEStatus.exe
C:\Program Files\Process Master\procmast.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\DM\Desktop\dss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: ConnectionServices module - {6D7B211A-88EA-490c-BAB9-3600D8D7C503} - C:\Program Files\ConnectionServices\ConnectionServices.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Policies\Explorer\Run: [Windows Security Tool] WinSecure.exe
O4 - Startup: WampServer.lnk = C:\wamp\wampserver.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_02) - http://java.sun.com/update/1.6.0/jinstall-...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{2244AD1A-A9E7-4D36-80B3-99CC781CD0D2}: NameServer = 192.168.0.1
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{615A2149-6D75-4140-A123-BC306A171168}: NameServer = 66.18.68.1 66.18.65.1
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{AB7F5FE6-B1C5-4051-B60D-85B19B29CB0B}: NameServer = 192.168.2.1
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{D0B304C1-B01E-4018-B91A-F9BEACE65298}: NameServer = 192.168.2.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Maya 6.5 Documentation Server (maya65docserver) - Unknown owner - C:\Program Files\Alias\Maya6.5\docs\wrapper.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: wampapache - Apache Software Foundation - C:\wamp\Apache2\bin\Apache.exe
O23 - Service: wampmysqld - Unknown owner - C:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe

-- End of file - 9621 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>
R3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; Politecnico di Torino; NPF Driver>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 RMSPPPOE (WAN Miniport (PPP over Ethernet Protocol)) - c:\windows\system32\drivers\rmspppoe.sys <Not Verified; Robert Schlabbach; PPP over Ethernet Protocol>
S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S2 DS1410D - c:\windows\system32\drivers\ds1410d.sys (file missing)
S3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
S3 BTNetFilter (Bluetooth Network Filter) - c:\windows\system32\drivers\btnetfilter.sys
S3 Sntnlusb (Rainbow USB SuperPro) - c:\windows\system32\drivers\sntnlusb.sys <Not Verified; Rainbow Technologies Inc.; Rainbow Technologies USB Security Device Driver>
S3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 maya65docserver (Maya 6.5 Documentation Server) - "c:\program files\alias\maya6.5\docs\wrapper.exe" -s "c:\program files\alias\maya6.5\docs\wrapper.conf"
R2 nlsvc (NetLimiter) - "c:\program files\netlimiter 2 pro\nlsvc.exe" <Not Verified; Locktime Software; NetLimiter 2 Pro>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 wampapache - "c:\wamp\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 wampmysqld - c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=c:\wamp\mysql\my.ini wampmysqld
R2 WLANKEEPER (Intel® PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSO Service>
S2 avg8wd (AVG8 WatchDog) - c:\progra~1\avg\avg8\avgwdsvc.exe (file missing)
S3 AdobeVersionCue - c:\program files\adobe\adobe version cue\service\versioncue.exe <Not Verified; Adobe Sytems; Adobe Version Cue™>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" <Not Verified; NetGroup - Politecnico di Torino; Remote Packet Capture Daemon>
S4 Babelpvnpsma -

-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Modem Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F100C3&REV_0900\4&277104FA&0&0102
Manufacturer:
Name: Modem Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F100C3&REV_0900\4&277104FA&0&0102
Service:

-- Files created between 2008-05-24 and 2008-06-24 -----------------------------

2008-06-23 15:57:16 0 d-------- C:\WINDOWS\pss
2008-06-23 15:54:35 0 d--h----- C:\Documents and Settings\DM\Application Data\m
2008-06-23 15:32:38 0 d-------- C:\Program Files\Process Master
2008-06-23 10:38:58 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-23 10:11:11 0 d-------- C:\Documents and Settings\DM\Application Data\AVGTOOLBAR
2008-06-19 16:44:49 0 d-------- C:\WINDOWS\system32\LogFiles
2008-06-18 14:08:33 0 d-------- C:\PrinceFoundation
2008-06-18 14:08:25 442368 --a------ C:\WINDOWS\UniInstall34.exe <Not Verified; MatchWare; UniInst>
2008-06-13 17:31:47 0 d-------- C:\Program Files\Vodafone
2008-06-10 11:28:42 266240 --a------ C:\WINDOWS\system32\dXPSystm.dll <Not Verified; Developer Express Inc.; XpressPrinting System>
2008-06-10 11:28:42 1667072 --a------ C:\WINDOWS\system32\DXdbGrid.dll <Not Verified; Developer Express Inc.; XpressQuantumGrid>
2008-06-10 11:28:39 0 d-------- C:\Program Files\MBTrading
2008-06-08 16:01:06 0 d--hs---- C:\WINDOWS\ftpcache
2008-06-07 17:59:05 0 d-------- C:\Program Files\Atari800WinPLus
2008-05-29 07:33:17 0 d-------- C:\Program Files\VirtualNetwork
2008-05-28 18:29:01 0 d-------- C:\Program Files\ZIO
2008-05-28 09:03:05 0 d-------- C:\Program Files\CoreCodec
2008-05-27 19:19:49 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-27 19:19:32 0 d-------- C:\Program Files\Windows Mobile Resources
2008-05-26 11:15:36 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8

-- Find3M Report ---------------------------------------------------------------

2008-06-23 16:11:26 0 d-------- C:\Documents and Settings\DM\Application Data\Skype
2008-06-23 16:11:11 0 d-------- C:\Documents and Settings\DM\Application Data\skypePM
2008-06-23 13:32:19 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-06-23 10:10:24 0 d-------- C:\Documents and Settings\DM\Application Data\Adobe
2008-06-22 19:52:33 61154 --a------ C:\WINDOWS\system32\nvModes.dat
2008-06-19 14:35:51 0 d-------- C:\Documents and Settings\DM\Application Data\BitTorrent
2008-06-17 12:33:38 0 d-------- C:\Documents and Settings\DM\Application Data\dvdcss
2008-06-13 17:31:55 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-27 19:21:26 2528 --a------ C:\Documents and Settings\DM\Application Data\$_hpcst$.hpc
2008-05-20 12:24:15 0 d-------- C:\Documents and Settings\DM\Application Data\Video DVD Maker FREE
2008-05-20 12:23:36 0 d-------- C:\Program Files\AVStoDVD
2008-05-20 12:23:32 0 d-------- C:\Program Files\AviSynth 2.5
2008-05-19 15:46:03 0 d-------- C:\Program Files\Groschengrab 2
2008-05-02 13:53:36 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D7B211A-88EA-490c-BAB9-3600D8D7C503}]
C:\Program Files\ConnectionServices\ConnectionServices.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 08:30 AM C:\WINDOWS\stsystra.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/01/2006 06:46 AM]
"nwiz"="nwiz.exe" [05/01/2006 06:46 AM C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [05/01/2006 06:46 AM C:\WINDOWS\system32\nvhotkey.dll]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [01/14/2004 02:10 PM]
"AdobeVersionCue"="C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [09/11/2003 09:22 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [12/28/2005 11:55 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [12/28/2005 11:56 AM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 12:00 PM C:\WINDOWS\system32\bthprops.cpl]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [09/18/2007 04:16 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:00 PM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 01:39 PM]

C:\Documents and Settings\DM\Start Menu\Programs\Startup\
WampServer.lnk - C:\wamp\wampserver.exe [6/27/2004 9:57:36 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [7/16/2007 9:33:04 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 10:15:54 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"Windows Security Tool"=WinSecure.exe

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bed5be9-6d22-11dc-9926-0015c51594ff}]
Auto\command- F:\RavMonE.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1848141-0ba6-11dc-8b74-806d6172696f}]
AutoRun\command- D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cec68e66-395d-11dd-99c8-0015c51594ff}]
AutoRun\command- F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cec68e67-395d-11dd-99c8-0015c51594ff}]
AutoRun\command- F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e45c8d64-0c1f-11dc-98cf-d9cdad6fed9d}]
AutoRun\command- F:\nideiect.com
explore\Command- F:\nideiect.com
open\Command- F:\nideiect.com

-- End of Deckard's System Scanner: finished at 2008-06-24 09:35:22 ------------

extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2500 @ 2.00GHz
CPU 1: Genuine Intel® CPU T2500 @ 2.00GHz
Percentage of Memory in Use: 42%
Physical Memory (total/avail): 1022.05 MiB / 586.67 MiB
Pagefile Memory (total/avail): 2458.56 MiB / 1933.5 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1915.85 MiB

C: is Fixed (NTFS) - 93.16 GiB total, 12.11 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST910021AS - 93.16 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 93.16 GiB - C:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntivirusOverride is set.

Unable to create WMI object.

-- Environment Variables -------------------------------------------------------

ALIAS_TRANSLATION_SERVICE_LOCATION=C:\Program Files\Alias\DirectConnect 1.0\
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\DM\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DANIELPLAPTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\DM
LOGONSERVER=\\DANIELPLAPTOP
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\PROGRA~1\Java\JRE16~1.0_0\bin;C:\Program Files\Internet Explorer;;C:\Program Files\Alias\Maya6.5\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\backburner 2\;C:\Program Files\MBTrading\MBT Navigator;.
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\DM\LOCALS~1\Temp
TMP=C:\DOCUME~1\DM\LOCALS~1\Temp
USERDOMAIN=DANIELPLAPTOP
USERNAME=DM
USERPROFILE=C:\Documents and Settings\DM
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Digital_Magic (admin)
DM (admin)
Administrator.DANIELPLAPTOP (new local, admin)

-- Add/Remove Programs ---------------------------------------------------------

 --> "C:\Program Files\InstallShield Installation Information\{01958032-9877-4118-B87F-9EFA74B3F15F}\setup.exe"
 --> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe Captivate 3 --> MsiExec.exe /X{2E7B6B00-5ECD-49A1-8FD4-4B647C5D8027}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Creative Suite --> C:\PROGRA~1\INSTAL~1\{D52EC~1\setup.exe /Relaunched=yes /Uninstall /Relaunched=yes
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2}
Adobe Flash CS3 --> MsiExec.exe /I{C614ED97-4594-4BE7-B6A4-471CDB77E8E0}
Adobe Flash CS3 Professional --> C:\Program Files\Common Files\Adobe\Installers\aef45239e3987fdf2a5e406d559eb22\Setup.exe
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin --> MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe InDesign CS --> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}\zidxp.exe"
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{2274624C-5B38-41AD-AD27-CEC0924EB628}
Adobe Setup --> MsiExec.exe /I{5D346AB1-7910-4115-B61B-468237D86C6B}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}
Adobe Stock Photos CS3 --> C:\Program Files\Common Files\Adobe\Installers\cbb2ea61da9c780bd7e47a5230a9ed7\Setup.exe
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
African Palace Casino --> "C:\Casino\African Palace Casino\_SetupCasino.exe" /uninstall
AstroPop 1.0.0.1 --> C:\WINDOWS\iun6002.exe "C:\AstroPop\irunin.ini"
Atari800Win PLus 4.0 --> C:\Program Files\Atari800WinPLus\Uninstall.exe
Atmosphere Deluxe v6.0 --> "C:\Program Files\Atmosphere Deluxe\unins000.exe"
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
AVStoDVD --> C:\Program Files\AVStoDVD\uninstall.exe
Azgard --> C:\Program Files\Microsoft ActiveSync\Azgard\Uninstall.exe Azgard
BitTorrent 6.0 --> C:\Program Files\BitTorrent\uninst.exe
Canon PIXMA iP1000 --> C:\WINDOWS\system32\CNMCP6e.exe "-PRINTERNAMECanon PIXMA iP1000" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1000 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1000 Installer\Inst2\cnmi0409.dll"
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe C:\Program Files\Canon\Easy-PhotoPrint\uninst.ini
Canon Utilities Easy-PrintToolBox --> C:\WINDOWS\BJPSUNST.EXE
CorePlayer Mobile for PocketPC (remove only) --> C:\Program Files\CoreCodec\CorePlayer Mobile for PocketPC\Uninstall.exe
Dreamway for Pocket PC --> "C:\Program Files\Microsoft ActiveSync\Dreamway\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
EVE-ONLINE (remove only) --> C:\Program Files\CCP\EVE\Uninstall.exe
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Groschengrab 2 --> C:\Program Files\Groschengrab 2\Uninstal.exe
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
IPWireless PC Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F44A780-2D5D-11D4-AD0C-00C04F619538}\setup.exe" -l0x9
Java 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Joost 0.12.0 --> C:\Program Files\Joost\uninst.exe
K-Lite Codec Pack 3.1.0 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash Player 8 --> MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
Macromedia Flash Player 8 Plugin --> MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
Maya 6.5 --> MsiExec.exe /I{17B41A19-7FD5-4B0C-A2AB-1A065669F8A3}
MBT Navigator --> C:\PROGRA~1\MBTRAD~1\MBTNAV~1\UNWISE.EXE C:\PROGRA~1\MBTRAD~1\MBTNAV~1\INSTALL.LOG
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Office 2000 SR-1 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Miranda IM 0.6.8 --> C:\Program Files\Miranda IM\uninstall.exe
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NetLimiter 2 Pro (remove only) --> "C:\Program Files\NetLimiter 2 Pro\nl2uninst.exe"
NingPo MahJong Deluxe 1.04 --> C:\Program Files\PopCap Games\NingPo MahJong Deluxe\UnGins.exe "C:\Program Files\PopCap Games\NingPo MahJong Deluxe\install.log"
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OmniGSoft Super-G Stunt 1.0 --> C:\Program Files\Microsoft ActiveSync\OmniGSoft Super-G Stunt 1.0\Uninstall.exe OmniGSoft Super-G Stunt 1.0
OZ776 SCR CardBus Windows Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48} /l1033
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Peggle (remove only) --> C:\Program Files\Peggle\Uninstall.exe
Pixelus Deluxe 1.0 --> C:\Program Files\PopCap Games\Pixelus Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Pixelus Deluxe\Install.log"
PPP over Ethernet Protocol 0.98 --> C:\WINDOWS\system32\RASPPPOE.EXE /REMOVE
Process Master 1.1 --> "C:\Program Files\Process Master\unins000.exe"
Real Alternative 1.22 --> "C:\Program Files\Real Alternative\unins000.exe"
Rocket Mania 1.0 --> C:\Program Files\PopCap Games\Rocket Mania Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Rocket Mania Deluxe\Install.log"
Sentinel System Driver --> C:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Simcity 2000 for Pocket PC --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microsoft ActiveSync\ZIO\Simcity 2000 for Pocket PC\Uninst.isu"
SimCity 4 Rush Hour --> C:\Program Files\Maxis\SimCity 4\EAUninstall.exe
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Skype™ for Pocket PC 2.2 --> "C:\Program Files\Microsoft ActiveSync\Skype for Pocket PC\unins000.exe"
Snake Deluxe --> C:\Program Files\Microsoft ActiveSync\Snake Deluxe\Uninstall.exe Snake Deluxe
Spb Quadronica --> C:\Program Files\Microsoft ActiveSync\Spb Quadronica\Uninstall.exe Spb Quadronica
TightVNC 1.2.9 --> "C:\Program Files\TightVNC\unins000.exe"
UV DirectShow Pack --> "C:\WINDOWS\Uninstall_UV_DirectShow_Pack.exe"
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Video Converter 3 --> C:\Program Files\Xilisoft\Video Converter 3\Uninstall.exe
VideoLAN VLC media player
0.8.2 --> C:\Program Files\VideoLAN\VLC\uninstall.exe VirtualNetwork --> "C:\Program Files\VirtualNetwork\Uninstall.exe" Vodafone Mobile Connect Lite Runtime Components --> MsiExec.exe /X{B2974D26-9080-4FA4-B344-DA2D314F41DC} WAMP5 1.6.5 --> c:\wamp\unins000.exe Windows Mobile Resources --> C:\Program Files\Windows Mobile Resources\Windows Mobile Device Handbook\Bin\DHUninstall.exe WinPcap 3.01 alpha --> "C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log" WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe ZBrush3 --> MsiExec.exe /I{6084D038-3401-4C9D-A216-86E6EEA25AFB} -- Application Event Log ------------------------------------------------------- Event Record #/Type4575 / Error Event Submitted/Written: 06/22/2008 08:18:07 PM Event ID/Source: 1000 / Application Error Event Description: Faulting application nlclient.exe, version 1.0.14.1, faulting module rpcrt4.dll, version 5.1.2600.3173, fault address 0x000085f7. Processing media-specific event for [nlclient.exe!ws!] Event Record #/Type4567 / Error Event Submitted/Written: 06/22/2008 08:11:46 PM Event ID/Source: 1002 / Application Hang Event Description: Hanging application notepad.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Event Record #/Type4566 / Error Event Submitted/Written: 06/22/2008 08:07:46 PM Event ID/Source: 1002 / Application Hang Event Description: Hanging application notepad.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Event Record #/Type4558 / Error Event Submitted/Written: 06/21/2008 05:38:15 PM Event ID/Source: 1802 / SecurityCenter Event Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall. 
Event Record #/Type4547 / Error Event Submitted/Written: 06/21/2008 08:54:14 AM Event ID/Source: 1802 / SecurityCenter Event Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type100805 / Warning Event Submitted/Written: 06/24/2008 09:28:15 AM Event ID/Source: 30 / RMSPPPOE Event Description: Received a PPPoE Active Discovery Session-confirmation packet without a Host Unique ID tag. Ignoring this packet. Event Record #/Type100803 / Warning Event Submitted/Written: 06/24/2008 09:28:13 AM Event ID/Source: 30 / RMSPPPOE Event Description: Received a PPPoE Active Discovery Session-confirmation packet without a Host Unique ID tag. Ignoring this packet. Event Record #/Type100801 / Warning Event Submitted/Written: 06/24/2008 09:28:11 AM Event ID/Source: 30 / RMSPPPOE Event Description: Received a PPPoE Active Discovery Session-confirmation packet without a Host Unique ID tag. Ignoring this packet. Event Record #/Type100799 / Warning Event Submitted/Written: 06/24/2008 09:28:09 AM Event ID/Source: 30 / RMSPPPOE Event Description: Received a PPPoE Active Discovery Session-confirmation packet without a Host Unique ID tag. Ignoring this packet. Event Record #/Type100797 / Warning Event Submitted/Written: 06/24/2008 09:28:07 AM Event ID/Source: 30 / RMSPPPOE Event Description: Received a PPPoE Active Discovery Session-confirmation packet without a Host Unique ID tag. Ignoring this packet. -- End of Deckard's System Scanner: finished at 2008-06-24 09:35:22 ------------ This post has been edited by danonne: Jun 24 2008, 03:04 AM |
Jun 25 2008, 03:26 AM | Post #2
New Member | Group: Members | Posts: 5 | Joined: 23-June 08 | From: South Africa | Member No.: 218,096
Hello again,
The reason I am posting a reply to my own post is I want it off the "needs attention" list. I decided to go the route of formatting my hard drive. I backed up the files I need and am now in the process of reinstalling Windows (after having done a full NTFS format). However, if anybody can shed some light on what the hell this thing was, please let me know, especially if you can help me with the following questions:

I want to make sure that this thing did not keep itself in the MBR. Is there anything I can do to clean it or fix it, or at least check? (Other than a low-level format.)

I copied all the files I wanted to keep (videos, music, stand-alone programs) to an external HD. I know exactly what file the virus came from, so I didn't copy that one, and I obviously did not copy any system or program files. Is there a high chance of the malware coming across with the other files?

Once I reinstall Windows and get an antivirus program on it, and I plug in the external drive, if the virus is there will it jump across, or will I be able to safely scan the drive before doing anything?

Thank you all for your help and keep up the good work!

Dan
Jul 17 2008, 02:58 PM | Post #3
W.A.M. (Women Against Malware) | Group: HJT Team | Posts: 4,561 | Joined: 3-January 05 | From: South Carolina, USA | Member No.: 8,530
Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new Deckard's System Scanner which includes the HijackThis log. Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.
If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

--------------------
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.
Jul 18 2008, 02:12 AM | Post #4
New Member | Group: Members | Posts: 5 | Joined: 23-June 08 | From: South Africa | Member No.: 218,096
Hey,
Since then, I have already formatted my computer and reinstalled everything I need... I felt that my computer needed a fresh start anyway. So thanks for your reply, but I am sorted now! Keep up the good work!
Jul 19 2008, 07:04 PM | Post #5
W.A.M. (Women Against Malware) | Group: HJT Team | Posts: 4,561 | Joined: 3-January 05 | From: South Carolina, USA | Member No.: 8,530
Thank you for letting me know. If we can help you in the future, please let us know.
This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.