Vundo/virtumonde/antivirus 2008 Pro Infection

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Vundo/virtumonde/antivirus 2008 Pro Infection, Don't think removal attempts have been successful

Options

phoen1x View Member Profile	Jun 29 2008, 09:36 AM Post #1
New Member Group: Members Posts: 1 Joined: 29-June 08 Member No.: 219,350	Hi, I got infected with the Antivirus 2008 Pro program, and have tried several times to get rid of it, but it seems to regenerate on each startup. Here are my logfiles: Deckard's System Scanner v20071014.68 Run by Tim on 2008-06-29 15:20:51 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- Last 5 Restore Point(s) -- 12: 2008-06-29 09:07:26 UTC - RP356 - Spyware Doctor: Cleaning Threats 11: 2008-06-29 08:52:50 UTC - RP354 - Spyware Doctor: Cleaning Threats 10: 2008-06-29 00:34:36 UTC - RP352 - Spyware Doctor: Cleaning Threats 9: 2008-06-29 00:30:55 UTC - RP350 - Installed Ad-Aware 8: 2008-06-29 00:22:21 UTC - RP349 - Spyware Doctor: Cleaning Threats -- First Restore Point -- 1: 2008-06-25 13:19:25 UTC - RP338 - Windows Vista Service Pack 1 Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Tim.exe) ------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:23:43, on 29/06/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Program Files\Protector Suite QL\upeksvr.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Windows\system32\WLANExt.exe C:\Program Files\ATK Hotkey\ASLDRSrv.exe C:\Windows\System32\LEXBCES.EXE C:\Windows\System32\spoolsv.exe C:\Windows\System32\LEXPPS.EXE C:\Windows\system32\svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Windows\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Kontiki\KService.exe C:\Program Files\Motorola\M3\m3dmsvc32.exe C:\Windows\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Windows\system32\svchost.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Windows\system32\taskeng.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\P4G\BatteryLife.exe C:\Program Files\ATK Hotkey\Hcontrol.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Protector Suite QL\psqltray.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Kontiki\KHost.exe C:\Program Files\ATK Hotkey\ATKOSD.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Windows\System32\rundll32.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\System32\rundll32.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Windows\system32\zstatus.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Windows\system32\rundll32.exe C:\Windows\Explorer.EXE C:\Users\Tim\Desktop\dss.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Tim.exe C:\Windows\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wwwcache.dur.ac.uk:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [kdx] "C:\Program Files\Kontiki\KHost.exe" -all O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Tim\AppData\Local\Temp\ljJcBuUM.dll,c O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE O23 - Service: M3 Service (M3DMService) - Motorola, Inc. - C:\Program Files\Motorola\M3\m3dmsvc32.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- End of file - 11550 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R3 WCPU - \??\c:\program files\p4g\wcpu.sys S1 prodrv04 (Star Force copy protection driver v4) - c:\windows\system32\drivers\prodrv04.sys <Not Verified; Protection Technology Co.; Star Force copy protection> S3 ENTECH - \??\c:\windows\system32\drivers\entech.sys -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> R2 ASLDRService (ASLDR Service) - c:\program files\atk hotkey\asldrsrv.exe <Not Verified; ; ADSMSrv> R2 M3DMService (M3 Service) - c:\program files\motorola\m3\m3dmsvc32.exe <Not Verified; Motorola, Inc.; Motorola Messenger Modem> R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service> R2 TOSHIBA Bluetooth Service - c:\program files\toshiba\bluetooth toshiba stack\tosbtsrv.exe <Not Verified; TOSHIBA CORPORATION; Bluetooth Stack for Windows by TOSHIBA> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2008-06-28 22:31:35 414 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{FBCAC277-BC98-4A29-85F9-6F88CC991299}.job -- Files created between 2008-05-29 and 2008-06-29 ----------------------------- 2008-06-29 15:18:40 0 d-------- C:\Windows\Sun 2008-06-29 12:50:03 0 d-------- C:\Program Files\Trend Micro 2008-06-29 02:13:31 0 d-------- C:\Users\All Users\Spybot - Search & Destroy 2008-06-29 01:32:10 0 d-------- C:\Program Files\Lavasoft 2008-06-29 01:32:09 0 d-------- C:\Users\All Users\Lavasoft 2008-06-29 01:30:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-06-28 11:43:58 0 d-------- C:\VundoFix Backups 2008-06-28 02:35:31 0 d-------- C:\Program Files\Spyware Doctor 2008-06-28 02:29:27 262144 --a------ C:\ntuser.dat 2008-06-28 01:18:24 0 d-------- C:\Users\All Users\Google Updater 2008-06-28 00:19:07 0 d--h----- C:\$AVG8.VAULT$ 2008-06-26 00:33:07 48640 --a------ C:\Windows\system32\Lexunst1.exe <Not Verified; Lexmark; Lexmark UNST> 2008-06-26 00:31:48 299520 --a------ C:\Windows\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller> 2008-06-20 21:48:21 0 d-------- C:\8639edb2ac74b49f8a3aff7a7cdf0c -- Find3M Report --------------------------------------------------------------- 2008-06-29 12:50:42 12931 --a------ C:\Users\Tim\AppData\Roaming\nvModes.001 2008-06-29 10:08:32 12 --a------ C:\Windows\bthservsdp.dat 2008-06-29 01:30:28 0 d-------- C:\Program Files\Common Files 2008-06-28 02:46:09 0 d-------- C:\Program Files\Picasa2 2008-06-28 02:35:31 0 d-------- C:\Users\Tim\AppData\Roaming\PC Tools 2008-06-28 01:18:30 0 d-------- C:\Program Files\Google 2008-06-26 15:03:29 0 d-------- C:\Users\Tim\AppData\Roaming\OpenOffice.org2 2008-06-25 16:24:58 174 --ahs---- C:\Program Files\desktop.ini 2008-06-25 16:14:14 0 d-------- C:\Program Files\Windows Calendar 2008-06-25 16:14:13 0 d-------- C:\Program Files\Windows Sidebar 2008-06-25 16:14:13 0 d-------- C:\Program Files\Movie Maker 2008-06-25 16:14:11 0 d-------- C:\Program Files\Windows Mail 2008-06-25 16:14:08 0 d-------- C:\Program Files\Windows Collaboration 2008-06-25 16:14:06 0 d-------- C:\Program Files\Windows Journal 2008-06-25 16:14:05 0 d-------- C:\Program Files\Windows Photo Gallery 2008-06-25 16:13:51 0 d-------- C:\Program Files\Windows Defender 2008-06-25 13:24:03 12931 --a------ C:\Users\Tim\AppData\Roaming\nvModes.dat 2008-06-20 18:35:42 0 d-------- C:\Program Files\Safari 2008-06-11 01:04:01 0 d-------- C:\Users\Tim\AppData\Roaming\Skype 2008-05-22 22:35:41 0 d-------- C:\Program Files\BitZipper 2008-05-22 22:26:23 0 d-------- C:\Users\Tim\AppData\Roaming\MyPhoneExplorer 2008-05-22 22:14:10 0 d-------- C:\Program Files\Toshiba 2008-05-22 22:09:36 0 d-------- C:\Program Files\BitZipperSearch 2008-05-17 18:05:43 0 d-------- C:\Users\Tim\AppData\Roaming\BitZipper 2008-05-17 14:19:45 0 d-------- C:\Program Files\MyPhoneExplorer 2008-05-15 10:26:15 0 d-------- C:\Program Files\DivX 2008-05-14 10:20:45 0 d-------- C:\Program Files\VideoLAN 2008-05-12 10:24:14 0 d-------- C:\Users\Tim\AppData\Roaming\Adobe 2008-05-10 21:56:00 0 d-------- C:\Users\Tim\AppData\Roaming\AVG7 2008-05-10 21:54:51 0 d-------- C:\Program Files\AVG 2008-05-01 18:31:39 179 --a------ C:\Users\Tim\AppData\Roaming\wss.ini 2008-03-31 22:25:48 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®> 2008-03-31 22:25:48 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®> 2008-03-31 22:25:46 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?> 2008-03-31 22:25:46 831488 --a------ C:\Windows\system32\divx_xx0a.dll 2008-03-31 22:25:46 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®> -- Registry Dump --------------------------------------------------------------- Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19/01/2008 08:38] "PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [05/01/2007 13:07] "RtHDVCpl"="RtHDVCpl.exe" [23/03/2007 12:04 C:\Windows\RtHDVCpl.exe] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [01/03/2007 14:24] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25] "hp 1000 firmware"="C:\Program Files\hp LaserJet 1000\fwdl.exe" [15/12/2001 12:10] "4oD"="C:\Program Files\Kontiki\KHost.exe" [27/11/2007 12:58] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16] "kdx"="C:\Program Files\Kontiki\KHost.exe" [27/11/2007 12:58] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [10/05/2008 21:54] "Skytel"="Skytel.exe" [16/03/2007 08:06 C:\Windows\SkyTel.exe] "NvSvc"="C:\Windows\system32\nvsvc.dll" [20/04/2007 14:32] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [20/04/2007 14:32] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [20/04/2007 14:32] "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01/02/2008 12:55] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [19/01/2008 08:33] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34] "@"="" [] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [19/01/2008 08:33] "cmds"="C:\Users\Tim\AppData\Local\Temp\ljJcBuUM.dll,c" [] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43] "kdx"="C:\Program Files\Kontiki\KHost.exe" [27/11/2007 12:58] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"=2 (0x2) "DisableCAD"=1 (0x1) "EnableUIADesktopToggle"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] C:\Windows\system32\psqlpwd.dll 05/01/2007 13:28 90112 C:\Windows\System32\psqlpwd.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=avgrsstx.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Notification Packages"= scecli psqlpwd [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum bthsvcs BthServ [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] C:\Windows\system32\unregmp2.exe /ShowWMP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI -- Hosts ----------------------------------------------------------------------- 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 8756 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2008-06-29 15:28:23 ------------ Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft® Windows Vista™ Home Premium (build 6001) SP 1.0 Architecture: X86; Language: English CPU 0: Intel® Core™2 Duo CPU T7300 @ 2.00GHz Percentage of Memory in Use: 60% Physical Memory (total/avail): 2046.57 MiB / 813.82 MiB Pagefile Memory (total/avail): 4332.16 MiB / 2719.29 MiB Virtual Memory (total/avail): 2047.88 MiB / 1892.58 MiB C: is Fixed (NTFS) - 111.79 GiB total, 40.94 GiB free. D: is CDROM (No Media) \\.\PHYSICALDRIVE0 - ST9120822AS ATA Device - 111.79 GiB - 1 partition \PARTITION0 (bootable) - Installable File System - 111.79 GiB - C: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. AV: AVG v8.0 (AVG Technologies) AS: Spyware Doctor v5.5.0.204 (PC Tools) AS: AVG v8.0 (AVG Technologies) Disabled AS: Spybot - Search and Destroy v1.0.0.5 (Safer Networking Ltd.) AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe::Enabled:BitTorrent" "C:\\Program Files\\PPStream\\PPStream.exe"="C:\\Program Files\\PPStream\\PPStream.exe::Enabled:PPSÍøÂçµçÊÓ" "C:\\Program Files\\PPStream\\PPSAP.exe"="C:\\Program Files\\PPStream\\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Tim\AppData\Roaming CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=TIMLAPTOP ComSpec=C:\Windows\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\Tim LOCALAPPDATA=C:\Users\Tim\AppData\Local LOGONSERVER=\\TIMLAPTOP NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\PROGRA~1\Java\JRE16~3.0_0\bin;C:\PROGRA~1\Java\JRE16~3.0_0\bin;C:\PROGRA~1\MOZILL~1;C:\Program Files\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\;. PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 10, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0a ProgramData=C:\ProgramData ProgramFiles=C:\Program Files PROMPT=$P$G PUBLIC=C:\Users\Public QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip RNLOG_BASEKEY=Software\RealNetworks\RealPlayer\6.0\Preferences\BrowserRecordPluginLog SystemDrive=C: SystemRoot=C:\Windows TEMP=C:\Users\Tim\AppData\Local\Temp TMP=C:\Users\Tim\AppData\Local\Temp USERDOMAIN=TimLaptop USERNAME=Tim USERPROFILE=C:\Users\Tim windir=C:\Windows __APPCOMPAT_MANIFEST= __COMPAT_LAYER=VistaSetUp -- User Profiles --------------------------------------------------------------- Tim -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks\|RealPlayer\|6.0 --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D} 4oD --> MsiExec.exe /I {8B7443F5-E141-42A0-AB61-ED2331AAD606} Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103} Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39} Adobe Creative Suite 2 --> C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=d:\adobe creative suite 2.0/lang=0809 Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001} Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003} Adobe Shockwave Player --> C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A} Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543} Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F} Arsenal Patch for FIFA 08 Demo --> C:\Program Files\EA Sports\FIFA 08 Demo\Uninstal.exe ATK Hotkey --> C:\Program Files\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\setup.exe -runfromtemp -l0x0009 -removeonly AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL BBC iPlayer Download Manager --> MsiExec.exe /I {D466F3D9-510C-4729-B7D4-2E70490E4CDF} Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6} Canon MP180 --> "C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP180\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP180 /L0x0009 DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN F1 2002 WORK IN PROGRESS DEMO --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB394D95-C049-4EA4-00B3-F866A3357CCD}\setup.exe" -l0x9 Uninstall FIFA 08 Demo --> MsiExec.exe /X{7D1928D2-26FA-45FA-A4DD-A876D7293818} Freewire Television --> C:\Program Files\InstallShield Installation Information\{0AAAAF26-C38A-4C7D-8ECE-1E15ECB34747}\setup.exe -runfromtemp -l0x0409 Genesys PC Camera Device --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}\setup.exe" -l0x9 -removeonly Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall hp LaserJet 1000 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{975C8028-51D8-44A9-9585-82E9810FE96A}\Setup.exe" Intel® PROSet/Wireless Software --> C:\Windows\Installer\iProInst.exe iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B} Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java™ 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040} Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B} mCore --> MsiExec.exe /I{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102} mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29} mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68} Microsoft Office Word Viewer 2003 --> MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9} Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5} Motorola Messenger Modem --> "C:\Program Files\Motorola\M3\uninstall.exe" Mozilla Firefox (2.0.0.14) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5} MyPhoneExplorer --> C:\Program Files\MyPhoneExplorer\uninstall.exe Neat Image v5 Demo (with plug-in) --> "C:\Program Files\Neat Image\unins000.exe" NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI Opanda IExif 2.3 --> "C:\Program Files\Opanda\IExif 2.3\unins000.exe" Opanda PowerExif 1.2 Professional Trial --> "C:\Program Files\Opanda\PowerExif 1.2\unins000.exe" OpenOffice.org 2.4 --> MsiExec.exe /I{F87A8E11-02A4-4875-A3A5-5961081B0E4E} Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe" Power4Gear eXtreme --> C:\Program Files\InstallShield Installation Information\{8CFEBE9C-F29F-4C49-80E0-7106970F8734}\Setup.exe -runfromtemp -l0x0009 -removeonly QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD} RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks\|RealPlayer\|6.0 Realtek High Definition Audio Driver --> RtlUpd.exe -r -m Safari --> MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868} SILKYPIX Developer Studio 2.0 SE --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{5B25274F-088A-4A24-AE12-4AEE9278025A} /l1033 UNINSTALL Sky Anytime --> MsiExec.exe /X{DD30C2FD-F485-46A8-8153-88EC2650BC79} Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} SopCast 2.0.4 --> C:\Program Files\SopCast\uninst.exe Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG Suite Specific --> MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04} Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Tiger Woods PGA TOUR 08 Demo --> C:\Program Files\EA Sports\Tiger Woods PGA TOUR 08 Demo\EAUninstall.exe TVAnts 1.0 --> C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG TVUPlayer 2.3.5.4 --> C:\Program Files\TVUPlayer\uninst.exe VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409 Webcam Surveyor 1.7.5 --> "C:\Program Files\Webcam Surveyor\unins000.exe" Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320} Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7} Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0} Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C} Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986} Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397} Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} -- Application Event Log ------------------------------------------------------- Event Record #/Type24191 / Error Event Submitted/Written: 06/29/2008 02:56:29 PM Event ID/Source: 1002 / Application Hang Event Description: The program Explorer.EXE version 6.0.6001.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: e54 Start Time: 01c8d9de320b0c02 Termination Time: 0 Event Record #/Type24179 / Success Event Submitted/Written: 06/29/2008 00:46:39 PM Event ID/Source: 5617 / WinMgmt Event Description: Event Record #/Type24178 / Success Event Submitted/Written: 06/29/2008 00:46:38 PM Event ID/Source: 5615 / WinMgmt Event Description: Event Record #/Type24173 / Success Event Submitted/Written: 06/29/2008 00:46:27 PM Event ID/Source: 902 / Software Licensing Service Event Description: The Software Licensing service has started. Event Record #/Type24165 / Warning Event Submitted/Written: 06/29/2008 00:45:25 PM Event ID/Source: 6000 / Wlclntfy Event Description: The winlogon notification subscriber <GPClient> was unavailable to handle a notification event. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type101379 / Warning Event Submitted/Written: 06/29/2008 00:52:17 PM Event ID/Source: 3004 / WinDefend Event Description: %TimLaptop27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %TimLaptop27 can't undo changes that you allow. For more information please see the following: %TimLaptop275 Scan ID: {DDA00CBF-1D52-443E-874A-2CE3FF6BB895} User: TimLaptop\Tim Name: %TimLaptop271 ID: %TimLaptop272 Severity ID: %TimLaptop273 Category ID: %TimLaptop274 Path Found: %TimLaptop276 Alert Type: %TimLaptop278 Detection Type: 1.1.1600.02 Event Record #/Type101348 / Error Event Submitted/Written: 06/29/2008 00:46:50 PM Event ID/Source: 7026 / Service Control Manager Event Description: prodrv04 Event Record #/Type101270 / Error Event Submitted/Written: 06/29/2008 00:46:30 PM Event ID/Source: 15016 / HTTP Event Description: \Device\Http\ReqQueueKerberos Event Record #/Type101248 / Error Event Submitted/Written: 06/29/2008 10:12:42 AM Event ID/Source: 10005 / DCOM Event Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030} Event Record #/Type101247 / Error Event Submitted/Written: 06/29/2008 10:12:41 AM Event ID/Source: 7001 / Service Control Manager Event Description: Network List ServiceNetwork Location Awareness%%1068 -- End of Deckard's System Scanner: finished at 2008-06-29 15:28:23 ------------ Thanks for your help!

SifuMike View Member Profile	Jul 6 2008, 09:23 PM Post #2
malware expert Group: HJT Team Posts: 14,728 Joined: 8-January 05 From: Vancouver (not BC) WA (Not DC) USA Member No.: 9,026	Hello phoen1x, Please disable Windows Defener and Spybot Teatimer, as they will prevent Malwarebytes' Anti-Malware from working correctly. To disable Spybot's Teatimer: Run Spybot-S&D Go to the Mode menu, and make sure "Advanced Mode" is selected On the left hand side, choose Tools -> Resident Uncheck "Resident TeaTimer" and OK any prompts To disable Windows Defender: Open Windows Defender. Click on Tools, General Settings. Scroll down and uncheck Turn on real-time protection (recommended). After you uncheck this, click on the Save button and close Windows Defender. Please download Malwarebytes' Anti-Malware from Here or Here Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply along with a fresh DSS Main.txt log. Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediatly. If you encounter this message:"c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5" Click on ignore mbamext.dll This post has been edited by SifuMike: Jul 6 2008, 09:28 PM -------------------- If I've saved you time & money, please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you! Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

SifuMike View Member Profile	Jul 17 2008, 05:32 PM Post #3
malware expert Group: HJT Team Posts: 14,728 Joined: 8-January 05 From: Vancouver (not BC) WA (Not DC) USA Member No.: 9,026	Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic. -------------------- If I've saved you time & money, please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you! Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

« Next Oldest · HijackThis Logs and Virus/Trojan/Spyware/Malware Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 21st November 2009 - 10:28 AM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides