Sloww



#1 fritzle

fritzle

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:10:25 AM

Posted 19 October 2007 - 05:04 PM

This will be my second time having problems with my computer...This time, I keep noticing I'm having Windows Security Alerts that keep saying "Your computer might be infected!" I have firewall, automatic updates, and Virus scanner all on. I also noticed that I sent out two jacked myspace messages a few days ago, but no more since. My internet also keeps cutting out for a few minutes at a time (up to hours) but I'm not sure if all of this is causing that.

Anyways, here's my HijackThis log...



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:59:37 PM, on 10/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\CTsvcCDA.exe
E:\Program Files\Symantec AntiVirus\DefWatch.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
E:\Program Files\Symantec AntiVirus\Rtvscan.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\MsPMSPSv.exe
E:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
E:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
E:\PROGRA~1\SYMANT~1\VPTray.exe
E:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
E:\WINDOWS\system32\Rundll32.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
E:\Program Files\Google\Google Talk\googletalk.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\SanDisk\Common\Bin\WinCinemaMgr.exe
E:\Program Files\SEC\MagicTune3.6\GammaTray.exe
E:\Program Files\SEC\Natural Color Pro\NCProTray.exe
E:\Program Files\SEC\MagicTune3.6\MagicTune.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\AIM\aim.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [vptray] E:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [CTSysVol] E:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [googletalk] "E:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: WinCinema Manager.lnk = E:\Program Files\SanDisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: MagicTune 3.6.lnk = ?
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: &Google Search - res://e:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://e:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://e:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://e:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://e:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://e:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - E:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - E:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: SAVRoam (SavRoam) - symantec - E:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - E:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - E:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 6504 bytes


#2 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:25 AM

Posted 05 November 2007 - 06:24 AM

Hi fritzle, :thumbsup:

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

Thanks for your patience. :blink:

P.S. Please copy/paste the log into this thread using the Add Reply button.

#3 fritzle

Posted 05 November 2007 - 07:17 PM

Thank you for replying to my post. Here is a fresh log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:11:59 PM, on 11/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\CTsvcCDA.exe
E:\Program Files\Symantec AntiVirus\DefWatch.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Symantec AntiVirus\Rtvscan.exe
E:\WINDOWS\system32\MsPMSPSv.exe
E:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
E:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\PROGRA~1\SYMANT~1\VPTray.exe
E:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
E:\WINDOWS\system32\Rundll32.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\SanDisk\Common\Bin\WinCinemaMgr.exe
E:\Program Files\SEC\MagicTune3.6\GammaTray.exe
E:\Program Files\SEC\Natural Color Pro\NCProTray.exe
E:\Program Files\SEC\MagicTune3.6\MagicTune.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\AIM\aim.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [vptray] E:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [CTSysVol] E:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [googletalk] "E:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: MEMonitor.lnk = E:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: WinCinema Manager.lnk = E:\Program Files\SanDisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: MagicTune 3.6.lnk = ?
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: &Google Search - res://e:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://e:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://e:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://e:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://e:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://e:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - E:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - E:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: SAVRoam (SavRoam) - symantec - E:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - E:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - E:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 6479 bytes

#4 Falu

Posted 06 November 2007 - 04:13 PM

Hi fritzle, :thumbsup:

Welcome to BleepingComputer Forums and thanks again for your patience.

> Thank you for replying to my post.


You're very welcome.

1. You're using an outdated version of Java (latest one is Java Runtime Environment (JRE) 6u3). Older versions have vulnerabilities that malware can use to infect your system. Please update and remove the older versions. Do the following:
  • Go to Start > Control Panel, double-click on the Software icon > Add/Remove Programs.
  • Search the list for all previously installed versions of Java. (J2SE Runtime Environment.... )

    It should have this icon next to it: [image]
    Select it and click Remove.
  • Then Download and install the newest version from here:

    Java Runtime Environment (JRE) 6u3
2. Download Deckard's System Scanner and save it to your Desktop.

* Double click dss.exe and follow the prompts.
* When finished, it will produce a log for you.
* Post the contents of that log in your next reply.
* Using Windows Explorer (to get there right-click your Start button and go to "Explore"), navigate to the C:\Deckard\System Scanner folder. You will find two logs in the folder, main.txt and extra.txt.
* Open the main.txt log in Notepad
* Also Copy and Paste its contents in a reply.

3. Please run the F-Secure Online Scanner
Note: This Scanner is for Internet Explorer Only!
Follow the Instruction here for installation.
Accept the License Agreement.
Once the ActiveX installs, click Full System Scan.
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy & Paste the entire report in your next reply.

4.

> I have firewall, automatic updates, and Virus scanner all on.


You use Windows internal firewall, right? If so I suggest you install a decent 3rd party firewall which will also block "outgoing" attempts to access the net. The Windows version only blocks "incoming".

For a tutorial on Firewalls, click: Understanding and Using Firewalls! It also has a list of links for popular and free firewalls.

Please post the F-Secure report along with the DSS main/extra logs.

#5 fritzle

Posted 06 November 2007 - 08:09 PM

I have lots of malware and spyware, so my internet is VERY slow. I'm trying to download Java now... but I don't know if it will even work!

#6 fritzle

Posted 16 November 2007 - 10:55 PM

Okay... for some reason, I cannot run the F-Secure online scanner. It just won't start to scan; it says it can't download necessary files.

I ran the Deckard's scan and I cannot find the extra file, so here is the main file.

Deckard's System Scanner v20071014.68
Run by Jake on 2007-11-11 23:59:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Jake.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:25 PM, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\CTsvcCDA.exe
E:\Program Files\Symantec AntiVirus\DefWatch.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Symantec AntiVirus\Rtvscan.exe
E:\WINDOWS\system32\MsPMSPSv.exe
E:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
E:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
E:\PROGRA~1\SYMANT~1\VPTray.exe
E:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
E:\WINDOWS\system32\Rundll32.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\SanDisk\Common\Bin\WinCinemaMgr.exe
E:\Program Files\SEC\MagicTune3.6\GammaTray.exe
E:\Program Files\SEC\Natural Color Pro\NCProTray.exe
E:\Program Files\SEC\MagicTune3.6\MagicTune.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\WINDOWS\system32\msiexec.exe
E:\Program Files\AIM\aim.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\Jake\Desktop\dss.exe
E:\PROGRA~1\TRENDM~1\HIJACK~1\Jake.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [vptray] E:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [CTSysVol] E:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [googletalk] "E:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: MEMonitor.lnk = E:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: WinCinema Manager.lnk = E:\Program Files\SanDisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: MagicTune 3.6.lnk = ?
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: &Google Search - res://e:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://e:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://e:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://e:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://e:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://e:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - E:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - E:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: SAVRoam (SavRoam) - symantec - E:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - E:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - E:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 6497 bytes

-- Files created between 2007-10-11 and 2007-11-11 -----------------------------

2007-11-11 13:33:14 0 d-------- E:\Program Files\Common Files\Java
2007-10-28 20:27:55 0 d-------- E:\Documents and Settings\Jake\Application Data\SecondLife
2007-10-28 20:27:19 0 d-------- E:\Program Files\SecondLife
2007-10-28 13:30:37 0 dr-h----- E:\Documents and Settings\Jake\Recent
2007-10-28 11:44:25 0 d-------- E:\Documents and Settings\Jake\Application Data\SiteAdvisor
2007-10-28 11:44:25 0 d-------- E:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-10-28 11:44:25 0 d-------- E:\Documents and Settings\All Users\Application Data\McAfee
2007-10-21 21:24:03 0 d------c- E:\WINDOWS\system32\DRVSTORE
2007-10-21 21:23:48 0 d-------- E:\Program Files\Common Files\Motorola Shared
2007-10-21 21:23:09 528384 -----n--- E:\WINDOWS\system32\VZWDownManager.exe <Not Verified; Verizon; VZWDownManager Application>
2007-10-21 21:23:08 49152 -----n--- E:\WINDOWS\system32\VZWDLManager.dll <Not Verified; ; VZWDLManager Module>
2007-10-21 21:23:02 0 d-------- E:\Program Files\Verizon Wireless
2007-10-21 21:20:26 0 d-------- E:\Program Files\Windows Media Connect 2
2007-10-21 21:18:33 0 d-------- E:\WINDOWS\system32\drivers\UMDF
2007-10-21 21:17:19 0 d-------- E:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage


-- Find3M Report ---------------------------------------------------------------

2007-11-11 23:56:51 0 d-------- E:\Program Files\Java
2007-11-11 13:33:14 0 d-------- E:\Program Files\Common Files
2007-11-11 11:14:36 0 d-------- E:\Program Files\Symantec AntiVirus
2007-11-02 18:59:21 1108 --a------ E:\WINDOWS\system32\tmp.reg
2007-10-23 20:27:51 0 d-------- E:\Documents and Settings\Jake\Application Data\MP3Rocket


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="E:\PROGRA~1\SYMANT~1\VPTray.exe" [03/12/2004 06:18 PM]
"CTSysVol"="E:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [09/17/2003 01:43 PM]
"VTTrayp"="VTtrayp.exe" [03/11/2005 04:33 AM E:\WINDOWS\system32\VTTrayp.exe]
"P17Helper"="P17.dll" [05/03/2005 10:38 PM E:\WINDOWS\system32\P17.dll]
"ATICCC"="E:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [08/12/2005 04:43 PM]
"QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [09/01/2006 06:57 PM]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="E:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 04:22 PM]
"SpybotSD TeaTimer"="E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [05/31/2005 02:04 AM]

E:\Documents and Settings\Jake\Start Menu\Programs\Startup\
MEMonitor.lnk - E:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [10/21/2007 9:23:03 PM]

E:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinCinema Manager.lnk - E:\Program Files\SanDisk\Common\Bin\WinCinemaMgr.exe [2/26/2007 10:59:12 PM]
Color Calibration.lnk - E:\Program Files\SEC\MagicTune3.6\GammaTray.exe [12/29/2006 8:13:36 PM]
MagicTune 3.6.lnk - E:\Program Files\SEC\MagicTune3.6\MagicTuneTray.exe [12/29/2006 8:13:58 PM]
NCProTray.lnk - E:\Program Files\SEC\Natural Color Pro\NCProTray.exe [12/29/2006 8:06:47 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=E:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^Jake^Start Menu^Programs^Startup^MP3 Rocket (silent).lnk]
path=E:\Documents and Settings\Jake\Start Menu\Programs\Startup\MP3 Rocket (silent).lnk
backup=E:\WINDOWS\pss\MP3 Rocket (silent).lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
E:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"E:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"E:\Program Files\Google\Google Talk\googletalk.exe" /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
E:\Program Files\Common Files\AOL\1138808937\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
E:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
E:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
E:\Program Files\Yahoo!\Messenger\ypager.exe -quiet




-- End of Deckard's System Scanner: finished at 2007-11-11 23:59:46 ------------

#7 Falu

Posted 18 November 2007 - 04:17 PM

Hi fritzle, :thumbsup:

Okay, let's dig a little deeper:

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

#8 fritzle

Posted 18 November 2007 - 06:42 PM

Hmm... There is no Run Scan button in this program... only an Extract, Close, and About button. Then at the bottom it says Existing files--Confirm overwrite, don't overwrite, overwrite, with the little circles that you check in next to each.

#9 Falu

Posted 19 November 2007 - 05:47 AM

Hi fritzle, :thumbsup:

> Hmm... There is no Run Scan button in this program... only an Extract, Close, and About button. Then at the bottom it says Existing files--Confirm overwrite, don't overwrite, overwrite, with the little circles that you check in next to each.


As it says in the instructions, first line: double-click on it, the extract button that is, to extract the files ...... and then continue with the instructions. :blink:

#10 fritzle

  • Topic Starter

Posted 22 November 2007 - 09:14 PM

Sorry about the confusion. Here's the report.

WinPFind3 logfile created on: 11/22/2007 9:08:05 PM
WinPFind3U by OldTimer - Version 1.0.43 Folder = E:\Documents and Settings\Jake\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

1022.42 Mb Total Physical Memory | 552.17 Mb Available Physical Memory | 54.01% Memory free
2.31 Gb Paging File | 1.94 Gb Available in Paging File | 83.91% Paging File free
Paging file location(s): E:\pagefile.sys 1440 2880;

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 5.00 Gb Total Space | 2.89 Gb Free Space | 57.73% Space Free
D: Drive not present or media not loaded
Drive E: | 71.33 Gb Total Space | 42.55 Gb Free Space | 59.65% Space Free
Drive F: | 5.17 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free

Computer Name: FRIT
Current User Name: Jake
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
aim.exe -> %ProgramFiles%\AIM\aim.exe -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 5:08:26 PM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4123 | Size = 389120 bytes | Modified Date = 10/28/2005 10:06:24 PM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4123 | Size = 389120 bytes | Modified Date = 10/28/2005 10:06:24 PM | Attr = ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 2.2.0.577 | Size = 255096 bytes | Modified Date = 2/29/2004 7:44:48 PM | Attr = ]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 2.2.0.577 | Size = 242808 bytes | Modified Date = 2/29/2004 7:44:54 PM | Attr = ]
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 8/12/2005 4:43:58 PM | Attr = ]
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 8/12/2005 4:43:58 PM | Attr = ]
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 8/12/2005 4:43:58 PM | Attr = ]
ctsvccda.exe -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 8:01:00 PM | Attr = ]
ctsysvol.exe -> %ProgramFiles%\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.4.1.0 | Size = 57344 bytes | Modified Date = 9/17/2003 1:43:36 PM | Attr = ]
defwatch.exe -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 9.0.0.338 | Size = 29928 bytes | Modified Date = 3/12/2004 6:17:10 PM | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.9: 2007102514 | Size = 7649128 bytes | Modified Date = 11/2/2007 6:24:54 PM | Attr = ]
gammatray.exe -> %ProgramFiles%\SEC\MagicTune3.6\GammaTray.exe -> [Ver = 1, 0, 0, 1 | Size = 36864 bytes | Modified Date = 5/4/2006 5:22:58 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:36 AM | Attr = ]
magictune.exe -> %ProgramFiles%\SEC\MagicTune3.6\MagicTune.exe -> SAMSUNG [Ver = 1, 0, 0, 1 | Size = 249856 bytes | Modified Date = 6/29/2006 10:36:30 PM | Attr = ]
ncprotray.exe -> %ProgramFiles%\SEC\Natural Color Pro\NCProTray.exe -> Samsung [Ver = 1, 0, 0, 3 | Size = 49220 bytes | Modified Date = 4/10/2006 5:24:20 PM | Attr = ]
pnkbstra.exe -> %System32%\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 10/5/2007 9:08:36 PM | Attr = ]
rtvscan.exe -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 9.0.0.338 | Size = 1221864 bytes | Modified Date = 3/12/2004 6:17:46 PM | Attr = ]
sansasvr.exe -> %ProgramFiles%\SanDisk\Sansa Updater\SansaSvr.exe -> [Ver = | Size = 36864 bytes | Modified Date = 5/3/2006 2:02:52 PM | Attr = ]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 5/31/2005 2:04:00 AM | Attr = ]
vptray.exe -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 9.0.0.338 | Size = 124128 bytes | Modified Date = 3/12/2004 6:18:32 PM | Attr = ]
wincinemamgr.exe -> %ProgramFiles%\SanDisk\Common\Bin\WinCinemaMgr.exe -> InterVideo Inc. [Ver = IVI_MAJOR_VERSION.IVI_MINOR_VERSION | Size = 303104 bytes | Modified Date = 9/14/2006 4:18:32 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.43.0 | Size = 371200 bytes | Modified Date = 11/18/2007 4:22:40 PM | Attr = ]
wlservice.exe -> %ProgramFiles%\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/7/2004 1:56:14 AM | Attr = ]
wusb54gv4.exe -> %ProgramFiles%\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe -> Linksys [Ver = 4.6.2.10 | Size = 1513472 bytes | Modified Date = 3/24/2005 10:02:00 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4123 | Size = 389120 bytes | Modified Date = 10/28/2005 10:06:24 PM | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0024 | Size = 520192 bytes | Modified Date = 10/29/2005 12:05:00 AM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 2.2.0.577 | Size = 255096 bytes | Modified Date = 2/29/2004 7:44:48 PM | Attr = ]
(ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccPwdSvc.exe -> Symantec Corporation [Ver = 2.2.0.577 | Size = 87160 bytes | Modified Date = 2/29/2004 7:44:52 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 2.2.0.577 | Size = 242808 bytes | Modified Date = 2/29/2004 7:44:54 PM | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 8:01:00 PM | Attr = ]
(DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 9.0.0.338 | Size = 29928 bytes | Modified Date = 3/12/2004 6:17:10 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 3:56:50 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 2:41:10 AM | Attr = ]
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %System32%\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 10/5/2007 9:08:36 PM | Attr = ]
(SansaService) Sansa Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\SanDisk\Sansa Updater\SansaSvr.exe -> [Ver = | Size = 36864 bytes | Modified Date = 5/3/2006 2:02:52 PM | Attr = ]
(SavRoam) SavRoam [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 1.5.0.0 | Size = 169192 bytes | Modified Date = 3/12/2004 6:18:06 PM | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.3.0.46 | Size = 193760 bytes | Modified Date = 3/11/2004 5:58:32 PM | Attr = ]
(Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 9.0.0.338 | Size = 1221864 bytes | Modified Date = 3/12/2004 6:17:46 PM | Attr = ]
(WUSB54Gv4SVC) WUSB54Gv4SVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/7/2004 1:56:14 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ATICCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 8/12/2005 4:43:58 PM | Attr = ]
CTSysVol -> %ProgramFiles%\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.4.1.0 | Size = 57344 bytes | Modified Date = 9/17/2003 1:43:36 PM | Attr = ]
P17Helper -> %System32%\P17.dll [Rundll32 P17.dll,P17Helper] -> [Ver = 1.0.1.41 | Size = 64512 bytes | Modified Date = 5/3/2005 10:38:42 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 9/1/2006 6:57:48 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:36 AM | Attr = ]
vptray -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 9.0.0.338 | Size = 124128 bytes | Modified Date = 3/12/2004 6:18:32 PM | Attr = ]
VTTrayp -> %System32%\VTTrayp.exe -> S3 Graphics Co., Ltd. [Ver = 2.00.36-0308B | Size = 147456 bytes | Modified Date = 3/11/2005 4:33:28 AM | Attr = R ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
googletalk -> %ProgramFiles%\Google\Google Talk\googletalk.exe -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/1/2007 4:22:02 PM | Attr = ]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 5/31/2005 2:04:00 AM | Attr = ]
< Common Startup > -> E:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\ WinCinema Manager.lnk -> %ProgramFiles%\SanDisk\Common\Bin\WinCinemaMgr.exe -> InterVideo Inc. [Ver = IVI_MAJOR_VERSION.IVI_MINOR_VERSION | Size = 303104 bytes | Modified Date = 9/14/2006 4:18:32 PM | Attr = ]
%AllUsersStartup%\Color Calibration.lnk -> %ProgramFiles%\SEC\MagicTune3.6\GammaTray.exe -> [Ver = 1, 0, 0, 1 | Size = 36864 bytes | Modified Date = 5/4/2006 5:22:58 PM | Attr = ]
%AllUsersStartup%\MagicTune 3.6.lnk -> %ProgramFiles%\SEC\MagicTune3.6\MagicTuneTray.exe -> [Ver = 1, 0, 0, 1 | Size = 45056 bytes | Modified Date = 12/30/2004 1:59:24 PM | Attr = ]
%AllUsersStartup%\NCProTray.lnk -> %ProgramFiles%\SEC\Natural Color Pro\NCProTray.exe -> Samsung [Ver = 1, 0, 0, 3 | Size = 49220 bytes | Modified Date = 4/10/2006 5:24:20 PM | Attr = ]
< User Startup > -> E:\Documents and Settings\Jake\Start Menu\Programs\Startup ->
%UserStartup%\MEMonitor.lnk -> %ProgramFiles%\Verizon Wireless\V CAST Music Manager\MEMonitor.exe -> Smith Micro Software, Inc. [Ver = 1.1.0 | Size = 947544 bytes | Modified Date = 7/4/2007 3:25:16 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4123 | Size = 47616 bytes | Modified Date = 10/28/2005 10:07:28 PM | Attr = ]
NavLogon -> %System32%\NavLogon.dll -> Symantec Corporation [Ver = 9.0.0.338 | Size = 83176 bytes | Modified Date = 3/12/2004 6:17:24 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (734 bytes) -> E:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> E:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> about:blank ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Local Page -> E:\windows\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
aol.com [ - ] -> ->
free_aol.com [ - ] -> ->
free_aol.com [http] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 10:38:22 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 11:05:30 PM | Attr = R ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 11:05:30 PM | Attr = R ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 11:05:30 PM | Attr = R ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> %ProgramFiles%\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 5:08:26 PM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Google Search -> %ProgramFiles%\google\GoogleToolbar1.dll\cmsearch.htm -> File not found
&Translate English Word -> %ProgramFiles%\google\GoogleToolbar1.dll\cmwordtrans.htm -> File not found
Backward Links -> %ProgramFiles%\google\GoogleToolbar1.dll\cmbacklinks.htm -> File not found
Cached Snapshot of Page -> %ProgramFiles%\google\GoogleToolbar1.dll\cmcache.htm -> File not found
Similar Pages -> %ProgramFiles%\google\GoogleToolbar1.dll\cmsimilar.htm -> File not found
Translate Page into English -> %ProgramFiles%\google\GoogleToolbar1.dll\cmtrans.htm -> File not found
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{46B804BF-D307-458C-B224-030A78BF0CF6} -> (802.11g Wireless LAN USB Adapter) ->
{C126789A-9F46-46AC-9B75-5A1B3FD68C25} -> (Linksys Wireless-G USB Network Adapter) ->
{CE54CA94-D59B-41A8-87E7-996159CD780E} -> (VIA Rhine II Fast Ethernet Adapter) ->
{EA7506D5-C969-431E-B2E1-915F5811BE64} -> (Linksys Wireless-G USB Network Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0B79F48A-E8D6-11DB-9283-E25056D89593} -> F-Secure Online Scanner 3.1 - CodeBase = http://support.f-secure.com/ols/fscax.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab ->


[Files/Folders - Created Within 30 days]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 11/2/2007 6:58:44 PM | Attr = ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 11/6/2007 8:19:07 PM | Attr = ]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 11/6/2007 8:19:36 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 11/18/2007 6:24:08 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 11/18/2007 6:24:08 PM | Attr = H ]
temp -> %SystemRoot%\temp -> [Folder | Created Date = 11/2/2007 7:01:34 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 11/11/2007 11:56:52 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 11/11/2007 11:56:52 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 11/11/2007 11:56:52 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 11/11/2007 11:56:52 PM | Attr = ]
WlanUZXP.sys -> %System32%\drivers\WlanUZXP.sys -> ZyDAS Technology Corporation [Ver = 6, 6, 0, 0 | Size = 437760 bytes | Created Date = 11/13/2007 8:48:21 AM | Attr = R ]

[Files/Folders - Modified Within 30 days]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 11/2/2007 7:01:36 PM | Attr = ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 11/6/2007 8:19:08 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 10/28/2007 8:27:20 PM | Attr = R ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 11/22/2007 7:57:24 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 11/22/2007 11:40:02 AM | Attr = S]
CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 11/21/2007 9:14:44 PM | Attr = HS]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 11/12/2007 1:17:40 PM | Attr = S]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 11/6/2007 8:19:38 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 11/13/2007 8:48:22 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 11/11/2007 11:57:08 PM | Attr = HS]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 11/21/2007 9:31:32 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 11/18/2007 6:24:10 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 11/18/2007 6:24:10 PM | Attr = H ]
system32 -> %System32% -> [Folder | Modified Date = 11/11/2007 11:56:54 PM | Attr = ]
temp -> %SystemRoot%\temp -> [Folder | Modified Date = 11/22/2007 2:01:20 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 11/22/2007 6:45:02 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 11/22/2007 11:40:08 AM | Attr = H ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 11/13/2007 8:48:16 AM | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 11/13/2007 8:48:22 AM | Attr = ]
LogFiles -> %System32%\LogFiles -> [Folder | Modified Date = 10/28/2007 2:21:34 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 52764 bytes | Modified Date = 11/5/2007 4:11:14 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 380350 bytes | Modified Date = 11/5/2007 4:11:14 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 439552 bytes | Modified Date = 11/5/2007 4:11:12 PM | Attr = ]
PnkBstrB.exe -> %System32%\PnkBstrB.exe -> [Ver = | Size = 103736 bytes | Modified Date = 10/29/2007 6:34:36 PM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 1108 bytes | Modified Date = 11/2/2007 6:59:22 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 11/21/2007 9:14:44 PM | Attr = ]
PnkBstrK.sys -> %System32%\drivers\PnkBstrK.sys -> [Ver = | Size = 22328 bytes | Modified Date = 10/29/2007 6:39:28 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
File scan skipped for file %SystemDrive%\bf2_patch_1.2(2).exe -> File size too big (374957818 bytes) ->
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 4/27/2006 6:49:30 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.7 | Size = 139776 bytes | Modified Date = 7/11/2007 3:59:06 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 1/9/2006 11:36:06 AM | Attr = ]
UPX! , UPX0 , -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 12/1/2006 7:20:34 AM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 1:41:38 AM | Attr = ]

< End of report >

#11 Falu

  • Security Colleague

Posted 25 November 2007 - 06:49 PM

Hi fritzle, :thumbsup:

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< Internet Explorer Settings > ->
YY -> HKLM: Local Page -> E:\windows\system32\blank.htm
YY -> HKCU: Local Page -> E:\windows\system32\blank.htm
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
YN -> ipp -> Reg Data - Key not found
YN -> msdaipp -> Reg Data - Key not found
[Files/Folders - Modified Within 30 days]
NY -> tmp.reg -> %System32%\tmp.reg
[Empty Temp Folders]
[Reboot]


The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3u scan.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

#12 fritzle

  • Topic Starter

Posted 26 November 2007 - 09:34 PM

Fix log..


[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page deleted successfully.
File E:\windows\system32\blank.htm not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page deleted successfully.
File E:\windows\system32\blank.htm not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD} deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp deleted successfully.
[Files/Folders - Modified Within 30 days]
E:\WINDOWS\SYSTEM32\tmp.reg moved successfully.
[Empty Temp Folders]
E:\DOCUME~1\Jake\LOCALS~1\Temp\ -> emptied.
E:\Documents and Settings\Jake\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
< End of log >
Created on 11/26/2007 21:34:10

#13 fritzle

  • Topic Starter

Posted 26 November 2007 - 09:44 PM

and...
scan.

WinPFind3 logfile created on: 11/26/2007 9:38:48 PM
WinPFind3U by OldTimer - Version 1.0.43 Folder = E:\Documents and Settings\Jake\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

1022.42 Mb Total Physical Memory | 601.40 Mb Available Physical Memory | 58.82% Memory free
2.40 Gb Paging File | 2.08 Gb Available in Paging File | 86.45% Paging File free
Paging file location(s): E:\pagefile.sys 1440 2880;

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 5.00 Gb Total Space | 2.86 Gb Free Space | 57.15% Space Free
D: Drive not present or media not loaded
Drive E: | 71.33 Gb Total Space | 43.97 Gb Free Space | 61.65% Space Free
Drive F: | 7.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free

Computer Name: FRIT
Current User Name: Jake
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4123 | Size = 389120 bytes | Modified Date = 10/28/2005 10:06:24 PM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4123 | Size = 389120 bytes | Modified Date = 10/28/2005 10:06:24 PM | Attr = ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 2.2.0.577 | Size = 255096 bytes | Modified Date = 2/29/2004 7:44:48 PM | Attr = ]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 2.2.0.577 | Size = 242808 bytes | Modified Date = 2/29/2004 7:44:54 PM | Attr = ]
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 8/12/2005 4:43:58 PM | Attr = ]
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 8/12/2005 4:43:58 PM | Attr = ]
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 8/12/2005 4:43:58 PM | Attr = ]
ctsvccda.exe -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 8:01:00 PM | Attr = ]
ctsysvol.exe -> %ProgramFiles%\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.4.1.0 | Size = 57344 bytes | Modified Date = 9/17/2003 1:43:36 PM | Attr = ]
defwatch.exe -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 9.0.0.338 | Size = 29928 bytes | Modified Date = 3/12/2004 6:17:10 PM | Attr = ]
gammatray.exe -> %ProgramFiles%\SEC\MagicTune3.6\GammaTray.exe -> [Ver = 1, 0, 0, 1 | Size = 36864 bytes | Modified Date = 5/4/2006 5:22:58 PM | Attr = ]
googletalk.exe -> %ProgramFiles%\Google\Google Talk\googletalk.exe -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/1/2007 4:22:02 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:36 AM | Attr = ]
magictune.exe -> %ProgramFiles%\SEC\MagicTune3.6\MagicTune.exe -> SAMSUNG [Ver = 1, 0, 0, 1 | Size = 249856 bytes | Modified Date = 6/29/2006 10:36:30 PM | Attr = ]
ncprotray.exe -> %ProgramFiles%\SEC\Natural Color Pro\NCProTray.exe -> Samsung [Ver = 1, 0, 0, 3 | Size = 49220 bytes | Modified Date = 4/10/2006 5:24:20 PM | Attr = ]
pnkbstra.exe -> %System32%\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 10/5/2007 9:08:36 PM | Attr = ]
rtvscan.exe -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 9.0.0.338 | Size = 1221864 bytes | Modified Date = 3/12/2004 6:17:46 PM | Attr = ]
sansasvr.exe -> %ProgramFiles%\SanDisk\Sansa Updater\SansaSvr.exe -> [Ver = | Size = 36864 bytes | Modified Date = 5/3/2006 2:02:52 PM | Attr = ]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 5/31/2005 2:04:00 AM | Attr = ]
vptray.exe -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 9.0.0.338 | Size = 124128 bytes | Modified Date = 3/12/2004 6:18:32 PM | Attr = ]
wincinemamgr.exe -> %ProgramFiles%\SanDisk\Common\Bin\WinCinemaMgr.exe -> InterVideo Inc. [Ver = IVI_MAJOR_VERSION.IVI_MINOR_VERSION | Size = 303104 bytes | Modified Date = 9/14/2006 4:18:32 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.43.0 | Size = 371200 bytes | Modified Date = 11/18/2007 4:22:40 PM | Attr = ]
wlservice.exe -> %ProgramFiles%\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/7/2004 1:56:14 AM | Attr = ]
wusb54gv4.exe -> %ProgramFiles%\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe -> Linksys [Ver = 4.6.2.10 | Size = 1513472 bytes | Modified Date = 3/24/2005 10:02:00 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4123 | Size = 389120 bytes | Modified Date = 10/28/2005 10:06:24 PM | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0024 | Size = 520192 bytes | Modified Date = 10/29/2005 12:05:00 AM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 2.2.0.577 | Size = 255096 bytes | Modified Date = 2/29/2004 7:44:48 PM | Attr = ]
(ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccPwdSvc.exe -> Symantec Corporation [Ver = 2.2.0.577 | Size = 87160 bytes | Modified Date = 2/29/2004 7:44:52 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 2.2.0.577 | Size = 242808 bytes | Modified Date = 2/29/2004 7:44:54 PM | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 8:01:00 PM | Attr = ]
(DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 9.0.0.338 | Size = 29928 bytes | Modified Date = 3/12/2004 6:17:10 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 3:56:50 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 2:41:10 AM | Attr = ]
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %System32%\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 10/5/2007 9:08:36 PM | Attr = ]
(SansaService) Sansa Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\SanDisk\Sansa Updater\SansaSvr.exe -> [Ver = | Size = 36864 bytes | Modified Date = 5/3/2006 2:02:52 PM | Attr = ]
(SavRoam) SavRoam [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 1.5.0.0 | Size = 169192 bytes | Modified Date = 3/12/2004 6:18:06 PM | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.3.0.46 | Size = 193760 bytes | Modified Date = 3/11/2004 5:58:32 PM | Attr = ]
(Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 9.0.0.338 | Size = 1221864 bytes | Modified Date = 3/12/2004 6:17:46 PM | Attr = ]
(WUSB54Gv4SVC) WUSB54Gv4SVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/7/2004 1:56:14 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ATICCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 8/12/2005 4:43:58 PM | Attr = ]
CTSysVol -> %ProgramFiles%\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.4.1.0 | Size = 57344 bytes | Modified Date = 9/17/2003 1:43:36 PM | Attr = ]
P17Helper -> %System32%\P17.dll [Rundll32 P17.dll,P17Helper] -> [Ver = 1.0.1.41 | Size = 64512 bytes | Modified Date = 5/3/2005 10:38:42 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 9/1/2006 6:57:48 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:36 AM | Attr = ]
vptray -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 9.0.0.338 | Size = 124128 bytes | Modified Date = 3/12/2004 6:18:32 PM | Attr = ]
VTTrayp -> %System32%\VTTrayp.exe -> S3 Graphics Co., Ltd. [Ver = 2.00.36-0308B | Size = 147456 bytes | Modified Date = 3/11/2005 4:33:28 AM | Attr = R ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
googletalk -> %ProgramFiles%\Google\Google Talk\googletalk.exe -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/1/2007 4:22:02 PM | Attr = ]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 5/31/2005 2:04:00 AM | Attr = ]
< Common Startup > -> E:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\ WinCinema Manager.lnk -> %ProgramFiles%\SanDisk\Common\Bin\WinCinemaMgr.exe -> InterVideo Inc. [Ver = IVI_MAJOR_VERSION.IVI_MINOR_VERSION | Size = 303104 bytes | Modified Date = 9/14/2006 4:18:32 PM | Attr = ]
%AllUsersStartup%\Color Calibration.lnk -> %ProgramFiles%\SEC\MagicTune3.6\GammaTray.exe -> [Ver = 1, 0, 0, 1 | Size = 36864 bytes | Modified Date = 5/4/2006 5:22:58 PM | Attr = ]
%AllUsersStartup%\MagicTune 3.6.lnk -> %ProgramFiles%\SEC\MagicTune3.6\MagicTuneTray.exe -> [Ver = 1, 0, 0, 1 | Size = 45056 bytes | Modified Date = 12/30/2004 1:59:24 PM | Attr = ]
%AllUsersStartup%\NCProTray.lnk -> %ProgramFiles%\SEC\Natural Color Pro\NCProTray.exe -> Samsung [Ver = 1, 0, 0, 3 | Size = 49220 bytes | Modified Date = 4/10/2006 5:24:20 PM | Attr = ]
< User Startup > -> E:\Documents and Settings\Jake\Start Menu\Programs\Startup ->
%UserStartup%\MEMonitor.lnk -> %ProgramFiles%\Verizon Wireless\V CAST Music Manager\MEMonitor.exe -> Smith Micro Software, Inc. [Ver = 1.1.0 | Size = 947544 bytes | Modified Date = 7/4/2007 3:25:16 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4123 | Size = 47616 bytes | Modified Date = 10/28/2005 10:07:28 PM | Attr = ]
NavLogon -> %System32%\NavLogon.dll -> Symantec Corporation [Ver = 9.0.0.338 | Size = 83176 bytes | Modified Date = 3/12/2004 6:17:24 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (734 bytes) -> E:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> about:blank ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
aol.com [ - ] -> ->
free_aol.com [ - ] -> ->
free_aol.com [http] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 10:38:22 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 11:05:30 PM | Attr = R ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 11:05:30 PM | Attr = R ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 11:05:30 PM | Attr = R ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> %ProgramFiles%\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 5:08:26 PM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Google Search -> %ProgramFiles%\google\GoogleToolbar1.dll\cmsearch.htm -> File not found
&Translate English Word -> %ProgramFiles%\google\GoogleToolbar1.dll\cmwordtrans.htm -> File not found
Backward Links -> %ProgramFiles%\google\GoogleToolbar1.dll\cmbacklinks.htm -> File not found
Cached Snapshot of Page -> %ProgramFiles%\google\GoogleToolbar1.dll\cmcache.htm -> File not found
Similar Pages -> %ProgramFiles%\google\GoogleToolbar1.dll\cmsimilar.htm -> File not found
Translate Page into English -> %ProgramFiles%\google\GoogleToolbar1.dll\cmtrans.htm -> File not found
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{46B804BF-D307-458C-B224-030A78BF0CF6} -> (802.11g Wireless LAN USB Adapter) ->
{C126789A-9F46-46AC-9B75-5A1B3FD68C25} -> (Linksys Wireless-G USB Network Adapter) ->
{CE54CA94-D59B-41A8-87E7-996159CD780E} -> (VIA Rhine II Fast Ethernet Adapter) ->
{EA7506D5-C969-431E-B2E1-915F5811BE64} -> (Linksys Wireless-G USB Network Adapter) ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0B79F48A-E8D6-11DB-9283-E25056D89593} -> F-Secure Online Scanner 3.1 - CodeBase = http://support.f-secure.com/ols/fscax.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab ->


[Files/Folders - Created Within 30 days]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 11/2/2007 6:58:44 PM | Attr = ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 11/6/2007 8:19:07 PM | Attr = ]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 11/6/2007 8:19:36 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 11/18/2007 6:24:08 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 11/18/2007 6:24:08 PM | Attr = H ]
temp -> %SystemRoot%\temp -> [Folder | Created Date = 11/2/2007 7:01:34 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 11/11/2007 11:56:52 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 11/11/2007 11:56:52 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 11/11/2007 11:56:52 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 11/11/2007 11:56:52 PM | Attr = ]
WlanUZXP.sys -> %System32%\drivers\WlanUZXP.sys -> ZyDAS Technology Corporation [Ver = 6, 6, 0, 0 | Size = 437760 bytes | Created Date = 11/13/2007 8:48:21 AM | Attr = R ]

[Files/Folders - Modified Within 30 days]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 11/2/2007 7:01:36 PM | Attr = ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 11/6/2007 8:19:08 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 10/28/2007 8:27:20 PM | Attr = R ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 11/26/2007 9:38:26 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 11/26/2007 9:37:36 PM | Attr = S]
CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 11/21/2007 9:14:44 PM | Attr = HS]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 11/12/2007 1:17:40 PM | Attr = S]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 11/6/2007 8:19:38 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 11/13/2007 8:48:22 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 11/11/2007 11:57:08 PM | Attr = HS]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 11/26/2007 8:38:56 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 11/18/2007 6:24:10 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 11/18/2007 6:24:10 PM | Attr = H ]
system32 -> %System32% -> [Folder | Modified Date = 11/26/2007 9:34:10 PM | Attr = ]
temp -> %SystemRoot%\temp -> [Folder | Modified Date = 11/26/2007 9:38:12 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 11/22/2007 6:45:02 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 11/26/2007 9:37:42 PM | Attr = H ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 11/24/2007 3:37:24 PM | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 11/13/2007 8:48:22 AM | Attr = ]
LogFiles -> %System32%\LogFiles -> [Folder | Modified Date = 10/28/2007 2:21:34 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 52764 bytes | Modified Date = 11/5/2007 4:11:14 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 380350 bytes | Modified Date = 11/5/2007 4:11:14 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 439552 bytes | Modified Date = 11/5/2007 4:11:12 PM | Attr = ]
PnkBstrB.exe -> %System32%\PnkBstrB.exe -> [Ver = | Size = 103736 bytes | Modified Date = 10/29/2007 6:34:36 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 11/26/2007 8:36:26 PM | Attr = ]
PnkBstrK.sys -> %System32%\drivers\PnkBstrK.sys -> [Ver = | Size = 22328 bytes | Modified Date = 10/29/2007 6:39:28 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
File scan skipped for file %SystemDrive%\bf2_patch_1.2(2).exe -> File size too big (374957818 bytes) ->
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 4/27/2006 6:49:30 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.7 | Size = 139776 bytes | Modified Date = 7/11/2007 3:59:06 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 1/9/2006 11:36:06 AM | Attr = ]
UPX! , UPX0 , -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 12/1/2006 7:20:34 AM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 1:41:38 AM | Attr = ]

< End of report >

#14 Falu

  • Security Colleague
Posted 28 November 2007 - 09:05 AM

Hi fritzle, :thumbsup:

Logs look good. You didn't mention any complaints. Does that mean you don't have any, or did you just forget to answer that question?

Since F-Secure didn't work, do an online scan with Kaspersky WebScanner.

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post and please don't forget to answer the above question.


#15 fritzle

  • Topic Starter

Posted 29 November 2007 - 05:45 PM

Hmm... this scan won't work either... A message box came up and said """Update process FAILED. No further antivirus actions can be performed! Attention, you much be online to activate Kaspersky Online Scanner, since the latest Anti-Virus bases version must be downloaded prior to scan. Otherwise we cannot guarantee detection of latest viruses.[21]"""

I tried the scan twice and this is what I got both times.

And to answer that question... I have had some problems with my internet, but I don't think it's from infection. My internet keeps cutting out for short periods of time, then it reconnects.

Sorry for all the problems!



