
Log ---- Pretty Bad Computer Probs



#1 Taima

Posted 24 August 2007 - 01:16 PM

Yeah, I've been getting little popup advertisements for virus protector stuff and I didn't really mind it. I tried running AVG and AVG Anti-Spyware along with Ad-Aware. Yesterday, my computer started running really slow and the wallpaper turned red. I downloaded a 15-day trial of Norton 360 to try to get rid of everything. When I'm doing the scans, the computer restarts itself. My Internet Options have disappeared, and when I try to use Task Manager, it says "Task Manager has been disabled by your administrator." So please help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:15, on 2007-08-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\GameSpot\DownloadManager_Win32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\luall.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\SoftwareDistribution\Download\5652d934eec8bfa4dc68c4e256a23d5e\update\update.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\Updt290\Launcher.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - C:\WINDOWS\system32\l3acdb.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [scheduler_monitor] C:\Program Files\ReaConverter 5.0 Pro\init_scheduler.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - https://lsiops.webex.com/client/T23L/webex/ieatgpc.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Program Files\ReaConverter 5.0 Pro\rcp_scheduler.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 11608 bytes


#2 ourwilly

Posted 25 August 2007 - 12:17 AM

I would like to take a look at this log for you and will get back to you as soon as I can.

Thank You.

#3 ourwilly

Posted 25 August 2007 - 07:14 AM

Hello Taima

Please Copy and Paste this post into a new text document or print it for reference

1. Re-open HijackThis and select "Do a System Scan only" and place a checkmark in the boxes before the following entries:

O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - C:\WINDOWS\system32\l3acdb.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)

Close any Explorer windows which may be open and click the "Fix Checked" button.



2. Please download OTMoveIt from here:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
Save it to your desktop.

Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\l3acdb.dll


Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


3. Download ComboFix.exe to your desktop.
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe to launch the application.

Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.


4. Please post this combofix.txt and the OTMoveIt log in your next reply

Thank you.
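The reading the helper applies above can be written down as a small triage script. This is an added example, not part of the thread and not code from Trend Micro's HijackThis: it parses O2 (BHO) and O23 (service) lines, flags entries whose CLSID points at a missing DLL (the "(no file)" orphans ticked in step 1), treats an unnamed BHO loaded straight from the Windows directory as the one to move out (step 2, l3acdb.dll), and leaves named or vendor-pathed entries for manual identification. The sample lines are copied from the log posted above; the verdict labels and the "Windows directory" heuristic are this example's own assumptions, not anything HijackThis itself reports.

```python
"""Triage O2/O23 lines from a HijackThis-style log.

Added example for this thread, not code from HijackThis or from the helper.
The verdict names and the path heuristic below are this script's assumptions.
"""
import re
from dataclasses import dataclass

# Constructed sample: six lines copied from the log posted earlier in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - C:\WINDOWS\system32\l3acdb.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "O2 - BHO: <name> - {CLSID} - <path or (no file)>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
# "O23 - Service: <display name> - <company from version info> - <path>"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# Heuristic (assumption): a bare file directly under \WINDOWS or \WINDOWS\system32.
SYSTEM_DIR_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\(system32\\)?[^\\]+$", re.IGNORECASE)


@dataclass
class Finding:
    line: str
    verdict: str   # orphaned | suspect | inspect | named | unknown_owner | vendor_stated
    reason: str


def classify_o2(line):
    """Classify one O2 line; returns None if the line is not an O2 entry."""
    m = O2_RE.match(line)
    if not m:
        return None
    name, path = m["name"], m["path"]
    if path == "(no file)":
        # CLSID is still registered but the DLL is gone: dead entry, safe to remove.
        return Finding(line, "orphaned", "CLSID registered but DLL missing")
    if name == "(no name)":
        if SYSTEM_DIR_RE.match(path):
            # Unnamed module dropped straight into the Windows directory.
            return Finding(line, "suspect", "unnamed BHO loaded from the Windows directory")
        return Finding(line, "inspect", "unnamed BHO; identify the vendor from the path first")
    return Finding(line, "named", "has a description string; still verify the file")


def classify_o23(line):
    """Classify one O23 line; returns None if the line is not an O23 entry."""
    m = O23_RE.match(line)
    if not m:
        return None
    owner = m["owner"]
    if owner == "Unknown owner":
        return Finding(line, "unknown_owner", "no CompanyName in version info; check the file")
    # The company string comes from the file's version resource, not from a signature.
    return Finding(line, "vendor_stated", f"version info claims {owner!r}; not a signature")


def triage(log_text):
    """Return a Finding for every O2/O23 line in the log, in file order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        f = classify_o2(line) or classify_o23(line)
        if f:
            findings.append(f)
    return findings


def hijackthis_fix_list(findings):
    """Lines to tick under 'Do a System Scan only' before 'Fix Checked'."""
    return [f.line for f in findings if f.verdict in ("orphaned", "suspect")]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.verdict:14} {f.reason}")
        print(f"               {f.line}")
```

Two caveats the script makes explicit: "Fix Checked" on an O2 line only deletes the registry key, so the DLL behind a "suspect" verdict still needs to be moved or quarantined separately (which is what step 2 above does with OTMoveIt), and the company name HijackThis prints for an O23 service is version-information metadata that any file can carry, so "vendor_stated" is a hint for identification, not proof of origin.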

#4 Taima (Topic Starter)

Posted 25 August 2007 - 02:49 PM

ComboFix 07-08-25.2 - "Chris" 2007-08-25 15:42:54.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.154 [GMT -4:00]


((((((((((((((((((((((((( Files Created from 2007-07-25 to 2007-08-25 )))))))))))))))))))))))))))))))


2007-08-25 15:18 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-25 14:54 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-08-24 16:54 <DIR> d-------- C:\a8eb9184865cc346a3
2007-08-23 22:47 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\Symantec
2007-08-23 21:37 <DIR> d-------- C:\Program Files\Norton 360
2007-08-23 21:36 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-08-23 21:36 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-08-23 21:35 <DIR> d-------- C:\Program Files\Symantec
2007-08-23 21:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-23 21:33 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-20 23:44 <DIR> d-------- C:\Program Files\WarRock
2007-08-20 23:42 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\InstallShield
2007-08-20 17:06 <DIR> d-------- C:\Program Files\UrbanTerror
2007-08-19 18:38 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2007-08-19 18:38 <DIR> d-------- C:\Program Files\Belarc
2007-08-19 17:00 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-08-19 17:00 <DIR> d-------- C:\WINDOWS\nview
2007-08-19 16:59 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-08-19 16:54 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-08-19 16:54 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-08-19 16:50 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\SystemRequirementsLab
2007-08-19 15:33 69,960 --a------ C:\WINDOWS\Unwash6.exe
2007-08-19 15:33 <DIR> d-------- C:\Program Files\Webroot
2007-08-19 15:33 <DIR> d-------- C:\Program Files\Common Files\Webroot Shared
2007-08-19 15:33 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\Webroot
2007-08-19 15:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
2007-08-18 23:43 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\SecondLife
2007-08-18 23:41 <DIR> d-------- C:\Program Files\SecondLife
2007-08-15 09:24 <DIR> d-------- C:\Program Files\ReaConverter 5.0 Pro
2007-08-15 09:24 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\RCP 5
2007-08-12 18:50 <DIR> d-------- C:\WINDOWS\system32\temp2
2007-08-12 18:50 <DIR> d-------- C:\WINDOWS\system32\check
2007-08-08 23:23 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\My Games
2007-08-08 23:20 <DIR> d-------- C:\Program Files\Firaxis Games
2007-08-08 18:12 <DIR> d-------- C:\WINDOWS\pss
2007-08-07 20:41 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire
2007-08-07 18:54 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Xfire
2007-08-07 12:02 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-07 12:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-07 11:24 <DIR> d-------- C:\Deckard
2007-08-03 00:09 <DIR> d-------- C:\Temp
2007-08-01 21:22 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2007-08-01 17:35 <DIR> d-------- C:\Program Files\Acclaim
2007-08-01 15:04 <DIR> d-------- C:\Program Files\Lavalys
2007-08-01 12:43 <DIR> d-------- C:\Program Files\Silkroad
2007-08-01 00:13 <DIR> d-------- C:\Program Files\MTV Networks
2007-08-01 00:00 <DIR> d-------- C:\Program Files\uTorrent
2007-07-31 19:32 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-31 01:16 <DIR> d-------- C:\Program Files\Little Fighter 2.5 - v2.0
2007-07-30 23:20 <DIR> d-------- C:\Program Files\Any Video Converter
2007-07-30 22:56 <DIR> d-------- C:\Program Files\WinPcap
2007-07-30 22:55 <DIR> d-------- C:\Program Files\WMR11
2007-07-30 22:07 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-30 22:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-30 22:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-27 17:55 <DIR> d-------- C:\DOCUME~1\Nizzic\APPLIC~1\Lavasoft
2007-07-27 10:05 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\uTorrent


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-25 15:34 --------- d-------- C:\DOCUME~1\Chris\APPLIC~1\Xfire
2007-08-25 15:34 --------- d-------- C:\DOCUME~1\Chris\APPLIC~1\Xfire
2007-08-25 15:23 --------- d-------- C:\Program Files\FlashGet
2007-08-24 14:19 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-23 21:40 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-08-23 21:40 8014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-08-23 17:43 22328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-08-23 17:43 103736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-08-23 11:31 --------- d-------- C:\Program Files\Windows NT
2007-08-22 09:57 --------- d---s---- C:\Program Files\Xfire
2007-08-21 00:38 66872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-08-19 22:49 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-19 22:49 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-19 14:43 --------- d-------- C:\DOCUME~1\Kelski\APPLIC~1\OpenOffice.org2
2007-08-17 18:54 --------- d-------- C:\Program Files\SystemRequirementsLab
2007-08-12 00:05 --------- d-------- C:\DOCUME~1\Chris\APPLIC~1\OpenOffice.org2
2007-08-12 00:05 --------- d-------- C:\DOCUME~1\Chris\APPLIC~1\OpenOffice.org2
2007-08-11 14:43 --------- d-------- C:\Program Files\Guild Wars
2007-08-11 14:41 --------- d-------- C:\Program Files\Viewpoint
2007-08-11 14:41 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-08-02 19:03 --------- d-------- C:\Program Files\LimeWire
2007-08-02 17:50 --------- d-------- C:\DOCUME~1\Kelski\APPLIC~1\LimeWire
2007-07-30 23:27 --------- d-------- C:\Program Files\Moyea
2007-07-30 23:15 --------- d-------- C:\DOCUME~1\Chris\APPLIC~1\Moyea
2007-07-30 23:15 --------- d-------- C:\DOCUME~1\Chris\APPLIC~1\Moyea
2007-07-30 22:24 --------- d-------- C:\Program Files\Google
2007-07-30 22:03 --------- d-------- C:\DOCUME~1\Chris\APPLIC~1\Lavasoft
2007-07-30 22:03 --------- d-------- C:\DOCUME~1\Chris\APPLIC~1\Lavasoft
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-27 10:00 --------- d-------- C:\Program Files\EndlessOnline
2007-07-17 12:21 186256 --a------ C:\WINDOWS\system32\SymNPPWA.dll
2007-07-16 11:18 --------- d-------- C:\DOCUME~1\Nizzic\APPLIC~1\Apple Computer
2007-07-16 11:16 --------- d-------- C:\DOCUME~1\Nizzic\APPLIC~1\WinRAR
2007-07-14 14:11 --------- d-------- C:\Program Files\RSDemon
2007-07-13 16:54 --------- d-------- C:\DOCUME~1\Nizzic\APPLIC~1\acccore
2007-07-12 22:55 --------- d-------- C:\Program Files\Iomega
2007-07-12 22:54 --------- d-------- C:\DOCUME~1\Chris\APPLIC~1\Leadertech
2007-07-12 22:54 --------- d-------- C:\DOCUME~1\Chris\APPLIC~1\Leadertech
2007-06-29 00:43 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-06-29 00:43 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
2007-06-29 00:43 6807328 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-06-29 00:43 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-06-29 00:43 5690624 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-06-29 00:43 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll
2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-06-29 00:43 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-06-29 00:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-06-29 00:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcod.dll
2007-06-29 00:43 360448 --a------ C:\WINDOWS\system32\nvapi.dll
2007-06-29 00:43 3600384 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2007-06-29 00:43 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll
2007-06-29 00:43 3321856 --a------ C:\WINDOWS\system32\nvgames.dll
2007-06-29 00:43 3072000 --a------ C:\WINDOWS\system32\nvgamesr.dll
2007-06-29 00:43 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-06-29 00:43 2854912 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2007-06-29 00:43 2416640 --a------ C:\WINDOWS\system32\nvwssr.dll
2007-06-29 00:43 2330624 --a------ C:\WINDOWS\system32\nvwss.dll
2007-06-29 00:43 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2007-06-29 00:43 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2007-06-29 00:43 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-06-29 00:43 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-06-29 00:43 155716 --a------ C:\WINDOWS\system32\nvsvc32.exe
2007-06-29 00:43 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-06-29 00:43 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2007-06-29 00:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-06-29 00:43 1142784 --a------ C:\WINDOWS\system32\nvmobls.dll
2007-06-29 00:43 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll
2007-06-29 00:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-06-29 00:43 1018772 --a------ C:\WINDOWS\system32\nvucode.bin
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-15 20:55 186443 --a------ C:\WINDOWS\system32\atasnt40.dll
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
"nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 01:13]
"scheduler_monitor"="C:\Program Files\ReaConverter 5.0 Pro\init_scheduler.exe" [2007-06-15 11:17]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2007-08-09 13:56]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\DOCUME~1\Chris\STARTM~1\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2007-08-06 14:26:02]

C:\DOCUME~1\Kelski\STARTM~1\Programs\Startup\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 16:54:56]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
backup=C:\WINDOWS\pss\GameSpot Download Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^Y'z ToolBar.lnk]
backup=C:\WINDOWS\pss\Y'z ToolBar.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Drag'n'Drop_Autolaunch]
"C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
Rundll32 P17.dll,P17Helper

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

R0 iomdisk;Iomega Devices Disk Filter Services;C:\WINDOWS\system32\DRIVERS\iomdisk.sys
R2 DNADownloader;DNADownloader;C:\Program Files\GameSpot\DownloadManager_Win32.exe
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe
R3 FETNDISB;D-Link PCI Fast Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\dlkfet5b.sys
R3 P17;Sound Blaster Audigy;C:\WINDOWS\system32\drivers\P17.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 rcp_service;ReaConverter scheduler service;C:\Program Files\ReaConverter 5.0 Pro\rcp_scheduler.exe
S3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys
S3 XDva004;XDva004;\??\C:\WINDOWS\system32\XDva004.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a20d56eb-fc34-11db-b4ac-00142a003b4d}]
AutoRun\command- F:\Autorun.exe

*Newly Created Service* - COMHOST

Contents of the 'Scheduled Tasks' folder
2007-08-05 16:17:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-25 15:45:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-25 15:46:21
C:\ComboFix-quarantined-files.txt ... 2007-08-25 15:46
C:\ComboFix2.txt ... 2007-08-25 15:39
C:\ComboFix3.txt ... 2007-08-25 15:33

--- E O F ---

----------

File/Folder C:\WINDOWS\system32\l3acdb.dll not found.

Created on 08-25-2007 15:09:50

#5 ourwilly


Posted 26 August 2007 - 02:13 AM

Hello Taima

Please Copy and Paste this post into a new text document or print it for reference

1. Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


2. Download any latest updates for AVG Anti-Spyware.
Do not run a scan yet.
Please boot to Safe Mode:
  • Restart your computer.
  • Continually tap the F8 button as your computer is booting (a menu appears).
  • Use up-arrow key to select Safe Mode and press Enter.
Close all open windows and then start AVG Anti-Spyware
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act? - make sure that Quarantine is selected. <== This is important
    • Under How to scan? - All checkboxes should be ticked.
    • Under Possibly unwanted software - All checkboxes should be ticked.
    • Under Reports - Select Do not automatically generate reports and uncheck Only if threats were found.
    • Under What to scan? - Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
    • Make sure that Set all elements to: shows Quarantine <== This is important
    • Important: Click on the Apply all Actions button (*** This must be done before saving the report ***)
    • When the program has finished, it will display the message All actions have been applied.
    • Then click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
Reboot in Normal Mode.

Please post the AVG Anti-Spyware scan results in your next reply, and can you let me know how your system is running now?

Thank you.

#6 Taima

Topic Starter

Posted 26 August 2007 - 02:06 PM

Here you go, btw, do you know why it changed my wallpaper to red?

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:24:25 PM 8/26/2007

+ Scan result:



HKU\S-1-5-21-1482476501-2025429265-725345543-1006\Software\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1482476501-2025429265-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C10B256-18BF-47A3-9564-99DC66551C07}\RP184\A0183750.exe -> Adware.ZQuest : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C10B256-18BF-47A3-9564-99DC66551C07}\RP184\A0183761.exe -> Adware.ZQuest : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C10B256-18BF-47A3-9564-99DC66551C07}\RP185\A0183814.exe -> Adware.ZQuest : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C10B256-18BF-47A3-9564-99DC66551C07}\RP185\A0183824.exe -> Adware.ZQuest : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C10B256-18BF-47A3-9564-99DC66551C07}\RP186\A0184831.exe -> Adware.ZQuest : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C10B256-18BF-47A3-9564-99DC66551C07}\RP188\A0185154.exe -> Adware.ZQuest : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C10B256-18BF-47A3-9564-99DC66551C07}\RP188\A0185704.exe -> Adware.ZQuest : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C10B256-18BF-47A3-9564-99DC66551C07}\RP188\A0185800.exe -> Adware.ZQuest : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C10B256-18BF-47A3-9564-99DC66551C07}\RP191\A0186794.exe -> Adware.ZQuest : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C10B256-18BF-47A3-9564-99DC66551C07}\RP191\A0186807.exe -> Adware.ZQuest : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C10B256-18BF-47A3-9564-99DC66551C07}\RP191\A0187807.exe -> Adware.ZQuest : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C10B256-18BF-47A3-9564-99DC66551C07}\RP192\A0188829.exe -> Adware.ZQuest : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C10B256-18BF-47A3-9564-99DC66551C07}\RP192\A0189833.exe -> Adware.ZQuest : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C10B256-18BF-47A3-9564-99DC66551C07}\RP192\A0190830.exe -> Adware.ZQuest : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C10B256-18BF-47A3-9564-99DC66551C07}\RP192\A0190845.exe -> Adware.ZQuest : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C10B256-18BF-47A3-9564-99DC66551C07}\RP192\A0192847.exe -> Adware.ZQuest : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C10B256-18BF-47A3-9564-99DC66551C07}\RP192\A0192863.exe -> Adware.ZQuest : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C10B256-18BF-47A3-9564-99DC66551C07}\RP193\A0193865.exe -> Adware.ZQuest : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C10B256-18BF-47A3-9564-99DC66551C07}\RP193\A0194860.exe -> Adware.ZQuest : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C10B256-18BF-47A3-9564-99DC66551C07}\RP183\A0183658.exe -> Downloader.Small.eqn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C10B256-18BF-47A3-9564-99DC66551C07}\RP188\A0185192.exe -> Downloader.VB.awj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C10B256-18BF-47A3-9564-99DC66551C07}\RP193\A0197877.exe -> Trojan.Small : Cleaned with backup (quarantined).


::Report end
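Every file detection in the report above sits under C:\System Volume Information\_restore{...}, that is, inside System Restore checkpoints rather than in the live file system, which is why cleaning them does not finish the job until the old restore points are flushed (the helper asks for exactly that later in the thread). The two registry hits deserve a second look as well: the Active Setup CLSID {Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666} contains letters that are not hexadecimal digits, so it cannot be a genuine COM class identifier. The Python script below is an added example and is not part of the original thread or of AVG Anti-Spyware; it parses the report format shown above from a constructed excerpt (the real lines plus one made-up live file under system32, so the location split has something to show) and summarizes where each detection actually lives. The `needs_restore_flush` helper and the field names are this example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass

# One detection line of an AVG Anti-Spyware 7.5 report: "<target> -> <family> : <action>"
LINE_RE = re.compile(r"^(?P<target>.+?) -> (?P<family>\S+) : (?P<action>.+)$")
# System Restore checkpoints live under <drive>:\System Volume Information\_restore{<GUID>}\RP<n>\
RESTORE_RE = re.compile(r"^[A-Za-z]:\\System Volume Information\\_restore\{", re.I)
REGISTRY_RE = re.compile(r"^(HKEY_[A-Z_]+|HKLM|HKCU|HKU|HKCR)\\", re.I)
# A real GUID is five groups of hexadecimal digits; anything else inside braces is suspect.
GUID_RE = re.compile(r"^[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}$", re.I)

# Constructed excerpt in the report's format: the registry and restore-point lines mirror the
# thread, the system32 line is made up so that a "live file" shows up in the summary.
SAMPLE_REPORT = r"""
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:24:25 PM 8/26/2007

+ Scan result:

HKU\S-1-5-21-1482476501-2025429265-725345543-1006\Software\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1482476501-2025429265-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C10B256-18BF-47A3-9564-99DC66551C07}\RP184\A0183750.exe -> Adware.ZQuest : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C10B256-18BF-47A3-9564-99DC66551C07}\RP184\A0183761.exe -> Adware.ZQuest : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1C10B256-18BF-47A3-9564-99DC66551C07}\RP193\A0197877.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\constructed_example.dll -> Adware.Generic : Cleaned with backup (quarantined).

::Report end
"""


@dataclass(frozen=True)
class Detection:
    target: str
    family: str
    action: str
    in_restore_point: bool
    is_registry: bool
    malformed_guids: tuple  # brace groups in the target that are not valid GUIDs


def parse_report(text: str):
    """Extract every '<target> -> <family> : <action>' line; header and footer lines are skipped."""
    found = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        target = m.group("target")
        bad = tuple(g for g in re.findall(r"\{([^}]+)\}", target) if not GUID_RE.match(g))
        found.append(Detection(target, m.group("family"), m.group("action"),
                               bool(RESTORE_RE.match(target)),
                               bool(REGISTRY_RE.match(target)), bad))
    return found


def summarize(dets):
    """Where do the detections actually live?  Restore-point copies call for a System Restore
    flush, registry keys need their CLSID checked, live files are the ones still on disk."""
    return {
        "total": len(dets),
        "by_family": dict(Counter(d.family for d in dets)),
        "in_restore_points": sum(d.in_restore_point for d in dets),
        "registry": sum(d.is_registry for d in dets),
        "malformed_guid": [d.target for d in dets if d.malformed_guids],
        "live_files": [d.target for d in dets if not d.in_restore_point and not d.is_registry],
    }


def needs_restore_flush(summary) -> bool:
    """True when infected copies were found inside System Restore checkpoints."""
    return summary["in_restore_points"] > 0


if __name__ == "__main__":
    s = summarize(parse_report(SAMPLE_REPORT))
    for key, value in s.items():
        print(f"{key}: {value}")
    print("flush System Restore:", needs_restore_flush(s))
```

Run on the excerpt, the summary shows three of six detections inside restore points, two registry entries (one with a malformed GUID) and a single live file; the same split applied to the full report above gives twenty-two restore-point copies, two registry keys and no live files, which is the picture a helper wants before deciding the machine is clean.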

#7 ourwilly


Posted 27 August 2007 - 01:35 AM

Hello Taima

do you know why it changed my wallpaper to red?

Can you tell me at what stage this started happening, and are you able to change your wallpaper at all? Try right-clicking on an empty area on your desktop: select "Properties" > "Desktop", select any background image, then "Apply". Let me know how this goes.

Please now Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
In your next reply, please copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt from the Deckard's System Scanner scan.

Thank you.

#8 Taima

Topic Starter

Posted 27 August 2007 - 11:00 AM

I did the scan, but the extra.txt log did not come up. All I got was the main.txt, so I'll post that here. I don't know why I didn't do it before, but my wallpaper works fine now. I guess I was just too lazy before to do it myself lol. I've got a couple of questions for you. #1 Where did I get these viruses or w/e they are? and #2 I'm not really being impatient or anything, but how much longer is this gonna take? Thanks man.

Deckard's System Scanner v20070804.61
Run by Chris on 2007-08-27 at 11:55:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 2.19 GiB (less than 15%) free.


-- HijackThis (run as Chris.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:50 AM, on 8/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\GameSpot\DownloadManager_Win32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Chris\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Chris.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [scheduler_monitor] C:\Program Files\ReaConverter 5.0 Pro\init_scheduler.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - https://lsiops.webex.com/client/T23L/webex/ieatgpc.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Program Files\ReaConverter 5.0 Pro\rcp_scheduler.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 9018 bytes

-- Files created between 2007-07-27 and 2007-08-27 -----------------------------

2007-08-25 15:41:48 0 d--hs---- C:\Documents and Settings\Chris\Recent
2007-08-24 16:54:23 0 d-------- C:\a8eb9184865cc346a3
2007-08-23 22:47:05 0 d-------- C:\Documents and Settings\Chris\Application Data\Symantec
2007-08-23 21:37:38 0 d-------- C:\Program Files\Norton 360
2007-08-23 21:35:02 0 d-------- C:\Program Files\Symantec
2007-08-23 21:34:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-08-23 21:33:49 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-20 23:44:03 0 d-------- C:\Program Files\WarRock
2007-08-20 23:42:51 0 d-------- C:\Documents and Settings\Chris\Application Data\InstallShield
2007-08-20 17:06:12 0 d-------- C:\Program Files\UrbanTerror
2007-08-19 18:38:21 3840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2007-08-19 18:38:21 0 d-------- C:\Program Files\Belarc
2007-08-19 17:00:35 0 d-------- C:\WINDOWS\nview
2007-08-19 16:54:26 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-08-19 16:54:25 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-08-19 16:50:29 0 d-------- C:\Documents and Settings\Chris\Application Data\SystemRequirementsLab
2007-08-19 15:33:22 0 d-------- C:\Documents and Settings\Chris\Application Data\Webroot
2007-08-19 15:33:20 0 d-------- C:\Program Files\Webroot
2007-08-19 15:33:20 0 d-------- C:\Program Files\Common Files\Webroot Shared
2007-08-19 15:33:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-08-18 23:43:16 0 d-------- C:\Documents and Settings\Chris\Application Data\SecondLife
2007-08-18 23:41:47 0 d-------- C:\Program Files\SecondLife
2007-08-15 09:24:18 0 d-------- C:\Documents and Settings\Chris\Application Data\RCP 5
2007-08-15 09:24:17 0 d-------- C:\Program Files\ReaConverter 5.0 Pro
2007-08-12 18:50:59 0 d-------- C:\WINDOWS\system32\temp2
2007-08-12 18:50:59 0 d-------- C:\WINDOWS\system32\check
2007-08-12 16:09:54 0 d-------- C:\Program Files\Sun
2007-08-12 13:49:28 0 d-------- C:\Program Files\Common Files\Java
2007-08-08 23:23:08 0 d-------- C:\Documents and Settings\Chris\Application Data\My Games
2007-08-08 23:20:14 0 d-------- C:\Program Files\Firaxis Games
2007-08-08 18:12:53 0 d-------- C:\WINDOWS\pss
2007-08-07 20:41:08 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2007-08-07 18:54:24 0 d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2007-08-07 12:02:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-08-07 12:02:10 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-05 12:05:12 0 d-------- C:\Documents and Settings\Nizzic\Application Data\Adobe
2007-08-03 00:09:32 0 d-------- C:\Temp
2007-08-01 21:22:35 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2007-08-01 17:35:12 0 d-------- C:\Program Files\Acclaim
2007-08-01 15:04:04 0 d-------- C:\Program Files\Lavalys
2007-08-01 12:43:11 0 d-------- C:\Program Files\Silkroad
2007-08-01 00:13:42 0 d-------- C:\Start Menu
2007-08-01 00:13:42 0 d-------- C:\Program Files\MTV Networks
2007-08-01 00:00:43 0 d-------- C:\Program Files\uTorrent
2007-07-31 19:32:03 0 d-------- C:\Program Files\Trend Micro
2007-07-31 01:16:59 0 d-------- C:\Program Files\Little Fighter 2.5 - v2.0
2007-07-30 23:20:15 0 d-------- C:\Program Files\Any Video Converter
2007-07-30 22:56:42 0 d-------- C:\Program Files\WinPcap
2007-07-30 22:55:23 0 d-------- C:\Program Files\WMR11
2007-07-30 22:07:55 0 d-------- C:\Program Files\Lavasoft
2007-07-30 22:07:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-07-30 22:07:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-27 17:55:43 0 d-------- C:\Documents and Settings\Nizzic\Application Data\Lavasoft
2007-07-27 10:05:09 0 d-------- C:\Documents and Settings\Chris\Application Data\uTorrent


-- Find3M Report ---------------------------------------------------------------

2007-08-27 11:56:03 0 d-------- C:\Program Files\FlashGet
2007-08-26 14:33:04 0 d-------- C:\Documents and Settings\Chris\Application Data\Xfire
2007-08-25 15:23:57 0 d-------- C:\Program Files\Common Files
2007-08-24 16:54:51 0 d-------- C:\Documents and Settings\Chris\Application Data\AVG7
2007-08-24 14:19:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-23 11:31:36 0 d-------- C:\Program Files\Windows NT
2007-08-22 09:57:58 0 d---s---- C:\Program Files\Xfire
2007-08-18 23:44:01 0 d-------- C:\Documents and Settings\Chris\Application Data\Mozilla
2007-08-17 18:54:29 0 d-------- C:\Program Files\SystemRequirementsLab
2007-08-12 16:09:48 0 d-------- C:\Program Files\Java
2007-08-12 00:05:34 0 d-------- C:\Documents and Settings\Chris\Application Data\OpenOffice.org2
2007-08-11 14:43:13 0 d-------- C:\Program Files\Guild Wars
2007-08-11 14:41:38 0 d-------- C:\Program Files\Viewpoint
2007-08-02 19:03:42 0 d-------- C:\Program Files\LimeWire
2007-07-30 23:27:48 0 d-------- C:\Program Files\Moyea
2007-07-30 23:15:45 0 d-------- C:\Documents and Settings\Chris\Application Data\Moyea
2007-07-30 22:24:58 0 d-------- C:\Program Files\Google
2007-07-30 22:03:58 0 d-------- C:\Documents and Settings\Chris\Application Data\Lavasoft
2007-07-27 10:00:19 0 d-------- C:\Program Files\EndlessOnline
2007-07-14 14:11:00 0 d-------- C:\Program Files\RSDemon
2007-07-12 22:55:43 0 d-------- C:\Program Files\Iomega
2007-07-12 22:54:22 0 d-------- C:\Documents and Settings\Chris\Application Data\Leadertech
2007-06-29 00:43:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-06-29 00:43:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-06-29 00:43:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-06-29 00:43:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-06-29 00:43:00 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-06-29 00:43:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-06-29 00:43:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-06-29 00:43:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-06-15 20:55:18 186443 --a------ C:\WINDOWS\system32\atasnt40.dll <Not Verified; WebEx Communications, Inc; WebEx Application Sharing>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 07:58 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/29/2007 12:43 AM]
"nwiz"="nwiz.exe" [06/29/2007 12:43 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [06/29/2007 12:43 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 01:59 AM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 06:30 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [03/23/2006 01:13 AM]
"scheduler_monitor"="C:\Program Files\ReaConverter 5.0 Pro\init_scheduler.exe" [06/15/2007 11:17 AM]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [08/09/2007 01:56 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\Chris\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [8/6/2007 2:26:02 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
backup=C:\WINDOWS\pss\GameSpot Download Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^Y'z ToolBar.lnk]
backup=C:\WINDOWS\pss\Y'z ToolBar.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Drag'n'Drop_Autolaunch]
"C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
Rundll32 P17.dll,P17Helper

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a20d56eb-fc34-11db-b4ac-00142a003b4d}]
AutoRun\command- F:\Autorun.exe

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2007-08-27 at 11:56:14 ---------
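The HijackThis section of the DSS log is what the helper reads to decide which O4 autostart entries and O23 services need attention. Two things a reviewer checks by hand are whether the launched file lives where installed software normally lives (Windows or Program Files rather than a user profile, Temp or the root of C:) and whether a service reports a publisher at all (PnkBstrA above shows "Unknown owner"). The Python script below is an added example and is not part of HijackThis, DSS or this thread; it parses a constructed excerpt of the log above (real lines plus one made-up HKCU entry under the user's Application Data, so the location check has something to flag) and returns the entries that merit manual verification. The `TRUSTED_ROOTS` list is this example's own heuristic, and a flag means "verify", not "malicious": nwiz.exe is a normal NVIDIA component (the Find3M section above lists it in C:\WINDOWS\system32 with the other nView files) that is simply registered without a full path.

```python
import re
from dataclasses import dataclass

# Heuristic for this example: where a stock XP install and normally installed software keep
# their binaries.  An autostart pointing anywhere else (user profile, Temp, root of C:) earns a
# second look.  Comparison is case-insensitive, hence the lowercase prefixes.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

# Constructed excerpt in HijackThis v2.0.2 format.  All but the "constructed_example" line are
# taken from the log above; that one is made up to exercise the location check.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [scheduler_monitor] C:\Program Files\ReaConverter 5.0 Pro\init_scheduler.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - HKCU\..\Run: [constructed_example] "C:\Documents and Settings\Chris\Application Data\constructed_example.exe"
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
"""

# O4 line: "O4 - <hive\..\Run or Startup>: [<name>] <command> (User '<account>')"; the name and
# the trailing user tag are optional.
O4_RE = re.compile(r"^O4 - (?P<where>.+?): (?:\[(?P<name>[^\]]+)\] )?(?P<cmd>.+?)(?: \(User '[^']+'\))?$")


@dataclass(frozen=True)
class Finding:
    kind: str    # "O4" (autostart entry) or "O23" (service)
    name: str
    path: str
    reason: str


def exe_from_command(cmd: str) -> str:
    """Return the file that actually executes for an O4 command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                        # quoted path, arguments follow the closing quote
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"rundll32(?:\.exe)?\s+(.+?),", cmd, re.I)
    if m:                                          # rundll32 <dll>,<export>: the DLL is the real payload
        return m.group(1).strip()
    m = re.match(r"(.+?\.(?:exe|dll|cpl))(?:\s|$)", cmd, re.I)  # unquoted path, may contain spaces
    return m.group(1) if m else cmd.split()[0]


def path_reason(path: str):
    """Why a launched file deserves a manual check, or None if its location is unremarkable."""
    if "\\" not in path:
        return "bare file name, resolved through the PATH search order at logon; confirm which copy runs"
    if not path.lower().startswith(TRUSTED_ROOTS):
        return "autostart binary outside Windows and Program Files"
    return None


def triage_hijackthis(log: str):
    """Parse O4 and O23 lines and return the entries a reviewer should verify by hand."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            name, cmd = m.group("name"), m.group("cmd")
            if name is None and " = " in cmd:      # "O4 - Startup: foo.lnk = C:\path\foo.exe"
                name, cmd = cmd.split(" = ", 1)
            path = exe_from_command(cmd)
            reason = path_reason(path)
            if reason:
                findings.append(Finding("O4", name or "", path, reason))
        elif line.startswith("O23 - Service: "):
            # "<display name> - <publisher> - <path>"; split from the right so a display name
            # containing " - " survives intact.
            parts = line[len("O23 - Service: "):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            display, owner, path = parts
            if owner == "Unknown owner":
                findings.append(Finding("O23", display, path,
                                        "service carries no publisher information; verify the file's signature and hash"))
            reason = path_reason(path)
            if reason:
                findings.append(Finding("O23", display, path, reason))
    return findings


if __name__ == "__main__":
    for f in triage_hijackthis(SAMPLE_LOG):
        print(f"{f.kind} [{f.name}] {f.path}\n    -> {f.reason}")
```

On the excerpt this yields three entries to verify: the bare nwiz.exe, the constructed profile-directory entry, and the PnkBstrA service with no publisher. Everything that resolves to a quoted or unquoted path under Windows or Program Files, including the rundll32-hosted NVIDIA DLL, passes silently, which keeps the list short enough to check each item against the file on disk.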

#9 ourwilly


Posted 27 August 2007 - 02:42 PM

Hello Taima

I'm not really being impatient or anything but how much longer is this gonna take?

Sorry to keep you so long... If everything is running "ok" now then please "Disable" and then "Re-Enable" your System Restore.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Uncheck *Turn off System Restore*.
Click Apply, and then click OK.


Where did I get these viruses or w/e they are?

Take a look at these tutorials

So how did I get infected in the first place?
Simple and easy ways to keep your computer safe and secure on the Internet

Thank you.

#10 Taima

Topic Starter

Posted 27 August 2007 - 09:44 PM

Was that it? Because the computer runs kinda slow and still starts up slow as crap.

#11 ourwilly


Posted 28 August 2007 - 05:42 AM

Hello Taima

1. To help speed things up a little, please ensure this system has only one firewall and one anti-virus program installed. Firewall and anti-virus resident scanners run inside the kernel mode of Windows, or deep inside the operating system. Having two AV residents trying to manipulate things there can cause your system to run slow. Go to Start | Control Panel | Add/Remove Programs and uninstall the one you no longer wish to keep.

2. Download and run StartUp Inspector.
This program will help you to decide what programs you disable from running at startup.
The Readme.txt file included has instructions on how to use it.

3. Reboot into Safe Mode by shutting down your system, then restart your computer; as soon as it starts booting up again, continuously tap F8. From the menu, select the option to enter Safe Mode.

Go to Start > All Programs > Accessories > System Tools > Disk Defragmenter

Highlight the drive that you want to check, and press the Analyze button. XP will tell you whether the drive needs to be defragmented. If XP does recommend defragging, click the Defragment button.

Reboot back into Normal Mode

4. Please also take a look at this thread here; it may be of some help:
http://users.telenet.be/bluepatchy/miekiem...lowcomputer.htm


Hope this helps.

Thank you.

#12 Taima

Topic Starter

Posted 29 August 2007 - 08:37 AM

I ran the start up inspector thing and cut a few things out. Still doesn't start up very fast, but that might have something to do with Norton. I checked to see if I needed to defrag, but I didn't, although I did it anyway.

As for that link you gave me, it doesn't work.

#13 ourwilly


Posted 30 August 2007 - 11:30 AM

Hello Taima

Sorry about that link; not sure where that tutorial went to, it may be getting updated....

Please open HijackThis.
Click Open Misc Tools | Open Uninstall Manager.
A list of the entries in Add/remove programs will appear.
Click on Save List...
The list will be saved as Uninstall_list.txt

In your next reply please post:

1/ A new HijackThis log
2/ The Uninstall_list.txt

Thank you.

#14 ourwilly


Posted 09 September 2007 - 02:17 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else, please begin a New Topic.
