Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Please Someone Help


  • Please log in to reply
9 replies to this topic

#1 hornett

hornett

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:01 PM

Posted 01 January 2008 - 02:09 AM

downloaded some kind of virus that has halted updates to Adware and avast virus scanner. also get redirects webpages to porn sites. i downloaded hijack this and have attached the logfile. I hope someone can help get rid of this crap so I don't have to reformat and start over. thx in advance for any and all help.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:57 PM, on 12/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Print Server\PTP\PSDiagnostic.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8088
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E4B6EC0-4F90-4817-8CF8-62FDBE3888F0}: NameServer = 85.255.113.109,85.255.112.138
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.109 85.255.112.138
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.109 85.255.112.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.109 85.255.112.138
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 6909 bytes

BC AdBot (Login to Remove)

 


#2 Demon Cleaner

Demon Cleaner

  • Members
  • 1,383 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chester uk
  • Local time:11:01 PM

Posted 06 January 2008 - 02:33 AM

Hi hornett

Please post a fresh Hijackthis log and i will take a look and get back to you asap.

DC

#3 hornett

hornett
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:01 PM

Posted 07 January 2008 - 09:59 PM

thx for any and all help. hope you can make heads or tails of this. redirects when i click on links.

#4 Demon Cleaner

Demon Cleaner

  • Members
  • 1,383 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chester uk
  • Local time:11:01 PM

Posted 08 January 2008 - 05:49 AM

Hi hornett

Please post a fresh Hijackthis log and i will take a look and get back to you asap.

DC

I need a new log as the last one is over a week old and a lot can happen in a week!

DC

#5 hornett

hornett
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:01 PM

Posted 08 January 2008 - 10:26 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:16 PM, on 1/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Print Server\PTP\PSDiagnostic.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8088
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E4B6EC0-4F90-4817-8CF8-62FDBE3888F0}: NameServer = 85.255.113.109,85.255.112.138
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.109 85.255.112.138
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.109 85.255.112.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.109 85.255.112.138
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 6907 bytes


Mod Edit:Topics merged for continuity ~TMacK

Edited by TMacK, 09 January 2008 - 12:08 AM.


#6 Demon Cleaner

Demon Cleaner

  • Members
  • 1,383 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chester uk
  • Local time:11:01 PM

Posted 09 January 2008 - 11:21 PM

Hi hornett

**** Please download FixWareout from one of these mirrors:
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
http://downloads.subratam.org/Fixwareout.exe


Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
Once the desktop loads please post the text that will open (report.txt) in a reply to this thread.

**** Download Deckard's System Scanner (DSS) to your Desktop.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts. If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your next reply. If you have any problems with the logs, both can be found in C:\Deckard\System Scanner.
DC

#7 hornett

hornett
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:01 PM

Posted 11 January 2008 - 12:48 AM

Username "dad" - 01/10/2008 23:40:49 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdivo.exe"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.113.109 85.255.112.138" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{6E4B6EC0-4F90-4817-8CF8-62FDBE3888F0}
"nameserver"="85.255.113.109,85.255.112.138" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{5A6DBE01-9A9C-4A86-8024-32A696C17C87}
"DhcpNameServer"="85.255.113.109,85.255.112.138" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Other
C:\WINDOWS\Temp\kdivo.ren 73806 06/13/2007

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"SoundMan"="SOUNDMAN.EXE"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"LiveMonitor"="C:\\Program Files\\MSI\\Live Update 3\\LMonitor.exe"
"NWEReboot"=""
"SCDEmuApp.exe"="C:\\Program Files\\PowerISO\\SCDEmuApp.exe"
"Lexmark 3100 Series"="\"C:\\Program Files\\Lexmark 3100 Series\\lxbrbmgr.exe\""
"LXBRKsk"="C:\\PROGRA~1\\LEXMAR~1\\LXBRKsk.exe"
"PrintServer Diagnostic"="C:\\Program Files\\Print Server\\PTP\\PSDiagnostic.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Zune Launcher"="\"C:\\Program Files\\Zune\\ZuneLauncher.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

#8 hornett

hornett
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:01 PM

Posted 11 January 2008 - 12:56 AM

Deckard's System Scanner v20071014.68
Run by dad on 2008-01-10 23:52:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
87: 2008-01-11 05:52:59 UTC - RP544 - Deckard's System Scanner Restore Point
86: 2008-01-11 05:01:39 UTC - RP543 - System Checkpoint
85: 2008-01-09 13:31:57 UTC - RP542 - System Checkpoint
84: 2008-01-08 12:00:49 UTC - RP541 - System Checkpoint
83: 2008-01-07 11:56:17 UTC - RP540 - System Checkpoint


-- First Restore Point --
1: 2007-10-13 07:57:29 UTC - RP458 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as dad.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:40 PM, on 1/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\PowerISO\SCDEmuApp.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\Program Files\Print Server\PTP\PSDiagnostic.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\dad\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\dad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8088
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 6718 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 PCAlertDriver - c:\program files\msi\core center\ntglm7x.sys <Not Verified; Your Corporation; Your Product Name>
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 RushTopDevice - c:\program files\msi\core center\rushtop.sys <Not Verified; Your Corporation; Your Product Name>

S3 GMSIPCI - e:\install\gmsipci.sys (file missing)
S3 HwIOctl - c:\program files\setup files\ms-7021 v2.00\hwioctl.sys (file missing)
S3 Memctl - c:\program files\setup files\ms-7021 v2.00\memctl.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-01-10 23:44:02 434 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-01-10 03:00:01 368 --a------ C:\WINDOWS\Tasks\RegCure.job
2008-01-08 15:57:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-12-10 and 2008-01-10 -----------------------------

2008-01-09 07:12:58 0 dr-h----- C:\Documents and Settings\dad\Recent
2007-12-31 20:37:53 0 d-------- C:\Program Files\Lavasoft
2007-12-30 20:23:14 0 d-------- C:\Program Files\RegCure
2007-12-30 19:21:14 0 d-------- C:\Program Files\Trend Micro
2007-12-16 21:43:03 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-12-16 21:42:54 0 d-------- C:\Program Files\Zune


-- Find3M Report ---------------------------------------------------------------

2008-01-10 23:20:30 0 d-------- C:\Documents and Settings\dad\Application Data\Vso
2008-01-10 21:21:57 0 d-------- C:\Program Files\Binary News Reaper
2008-01-10 06:40:30 0 d-------- C:\Documents and Settings\dad\Application Data\Azureus
2007-12-31 20:37:58 0 d-------- C:\Documents and Settings\dad\Application Data\Lavasoft
2007-12-31 20:36:29 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-23 08:06:28 0 d-------- C:\Program Files\Azureus
2007-12-21 22:01:17 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-12-04 22:54:51 335 --a------ C:\WINDOWS\mozregistry.dat
2007-11-29 21:51:11 0 d-------- C:\Program Files\CDisplay
2007-11-12 19:01:58 0 d-------- C:\Program Files\Seagate
2007-11-12 19:01:40 0 d-------- C:\Program Files\Common Files
2007-10-27 13:35:08 0 --a------ C:\WINDOWS\ativpsrm.bin


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
"SoundMan"="SOUNDMAN.EXE" [04/27/2006 07:14 PM C:\WINDOWS\soundman.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [01/02/2006 04:41 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [09/13/2004 03:51 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 07:00 AM]
"LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [07/11/2005 09:44 AM]
"NWEReboot"="" []
"SCDEmuApp.exe"="C:\Program Files\PowerISO\SCDEmuApp.exe" [10/15/2005 07:15 PM]
"Lexmark 3100 Series"="C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe" [09/03/2003 08:33 PM]
"LXBRKsk"="C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe" [06/13/2003 08:57 AM]
"PrintServer Diagnostic"="C:\Program Files\Print Server\PTP\PSDiagnostic.exe" [11/24/2004 04:09 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/2007 09:54 AM]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [11/15/2007 09:51 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 10:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [11/12/2006 04:48 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 03:45 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/24/2005 12:05:26 AM]
CoreCenter.lnk - C:\Program Files\MSI\Core Center\CoreCenter.exe [4/27/2006 7:20:58 PM]
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [4/27/2006 7:02:07 PM]

*Newly Created Service* - PCALERTDRIVER
*Newly Created Service* - RUSHTOPDEVICE



-- End of Deckard's System Scanner: finished at 2008-01-10 23:54:11 ------------
















Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 1800+
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 1023.48 MiB / 649.95 MiB
Pagefile Memory (total/avail): 2461.56 MiB / 2115.68 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1922.13 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 76.68 GiB total, 22.37 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 19.53 GiB total, 14.66 GiB free.
G: is Fixed (NTFS) - 36.36 GiB total, 9.75 GiB free.
I: is Fixed (FAT32) - 149.01 GiB total, 20.5 GiB free.
J: is CDROM (No Media)
K: is Fixed (FAT32) - 232.83 GiB total, 2.6 GiB free.

\\.\PHYSICALDRIVE0 - WDC WD600BB-00CAA1 - 55.9 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 19.53 GiB - F:
\PARTITION1 - Extended w/Extended Int 13 - 36.36 GiB - G:

\\.\PHYSICALDRIVE1 - HDS72808 0PLA380 SCSI Disk Device - 76.69 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 76.68 GiB - C:

\\.\PHYSICALDRIVE2 - Seagate External Drive USB Device - 149.05 GiB - 1 partition
\PARTITION0 - Unknown - 149.05 GiB - I:

\\.\PHYSICALDRIVE3 - WD 2500JB External USB Device - 232.88 GiB - 1 partition
\PARTITION0 - Unknown - 232.88 GiB - K:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: avast! antivirus 4.7.1098 [VPS 080110-0] v4.7.1098 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"F:\\Program Files\\mIRC\\mirc.exe"="F:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Disabled:BitTorrent"
"C:\\Program Files\\MultiProxy\\MProxy.exe"="C:\\Program Files\\MultiProxy\\MProxy.exe:*:Disabled:MultiProxy personal proxy server"
"C:\\Program Files\\Ringtone Media Studio\\MMCenter.exe"="C:\\Program Files\\Ringtone Media Studio\\MMCenter.exe:*:Disabled:Ringtone Media Studio"
"F:\\Program Files\\GrabIt\\GrabIt.exe"="F:\\Program Files\\GrabIt\\GrabIt.exe:*:Enabled:GrabIt"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Outlook Express\\msimn.exe"="C:\\Program Files\\Outlook Express\\msimn.exe:*:Disabled:Outlook Express"
"C:\\Program Files\\Giganews Binary Newsreader\\Giganews.exe"="C:\\Program Files\\Giganews Binary Newsreader\\Giganews.exe:*:Enabled:Giganews Binary Newsreader"
"C:\\Program Files\\NewsRover\\NewsRover.exe"="C:\\Program Files\\NewsRover\\NewsRover.exe:*:Enabled:News Rover"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\Binary News Reaper\\bnr2.exe"="C:\\Program Files\\Binary News Reaper\\bnr2.exe:*:Enabled:Binary News Reaper"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe"="C:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe:*:Enabled:Ad-Aware"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\dad\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MYCOMPUTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\dad
LOGONSERVER=\\MYCOMPUTER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\dad\LOCALS~1\Temp
TMP=C:\DOCUME~1\dad\LOCALS~1\Temp
USERDOMAIN=MYCOMPUTER
USERNAME=dad
USERPROFILE=C:\Documents and Settings\dad
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

dad (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3ivx D4 4.5.1 (remove only) --> "C:\Program Files\3ivx\3ivx D4 4.5.1\uninstall.exe"
7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe"
ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 7.0.5 Language Support --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{34566374-6C4D-419F-A9E0-8B21CA905FD8}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder --> MsiExec.exe /I{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}
Atomic Clock Sync --> C:\PROGRA~1\ATOMIC~1\UNWISE.EXE C:\PROGRA~1\ATOMIC~1\INSTALL.LOG
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AVI DivX MPEG to DVD Converter & Burner Pro 2.9 --> "C:\Program Files\AVI DivX MPEG to DVD Converter & Burner Pro\unins000.exe"
AVI/MPEG/RM/WMV Joiner 4.61 --> "C:\Program Files\ Joiner\unins000.exe"
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Binary News Reaper 0.14.7 Beta --> "C:\Program Files\Binary News Reaper\unins000.exe"
CDisplay 1.8 --> "C:\Program Files\CDisplay\unins000.exe"
ConvertXtoDVD 2.0.12 --> "C:\Program Files\vso\ConvertXtoDVD\unins000.exe"
Core Center --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\Core Center\Uninst.isu"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dr. DivX 1.0 Beta --> C:\WINDOWS\unvise32.exe C:\Program Files\DivX\Dr.DivX.log
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
Easy Video Joiner 5.01 --> "C:\Program Files\Easy Video Joiner\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
ImTOO DVD to iPod Converter --> C:\Program Files\ImTOO\DVD to iPod Converter 4\Uninstall.exe
InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
InCD Reader --> C:\WINDOWS\unmrw.exe /UNINSTALL
J2SE Runtime Environment 5.0 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Lexmark 3100 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBRUN5C.EXE -dLexmark 3100 Series
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIRC --> "F:\Program Files\mIRC\mirc.exe" -uninstall
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (1.5.0.12) --> C:\Program Files\Mozilla Thunderbird\uninstall\uninstall.exe /ua "1.5.0.12 (en-US)"
MSI Live Update 3 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\Live Update 3\Uninst.isu"
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
NeroVision Express 2 Content --> C:\WINDOWS\UNNVEContent.exe /UNINSTALL
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
Print Server Driver --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Print Server\PTP\Uninst.isu"
QuickPar 0.9 --> C:\Program Files\QuickPar\uninst.exe
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
RegCure 1.5.0.0 --> C:\Program Files\RegCure\uninst.exe
SeaTools for Windows --> MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872}
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast-Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WinAVIVideoConverter --> "C:\Program Files\WinAVIVideoConverter\unins000.exe"
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Hotfix - KB895181 --> "C:\WINDOWS\$NtUninstallKB895181$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Zune --> MsiExec.exe /X{FE0256DB-509C-40AC-B888-2543AD4298E6}
Zune Language Pack (ES) --> MsiExec.exe /I{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR) --> MsiExec.exe /I{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}


-- Application Event Log -------------------------------------------------------

Event Record #/Type2544 / Error
Event Submitted/Written: 01/03/2008 01:02:51 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application bnr2.exe, version 0.14.7.448, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2532 / Error
Event Submitted/Written: 12/31/2007 07:30:39 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application psdiagnostic.exe, version 2.0.7.0, faulting module psdiagnostic.exe, version 2.0.7.0, fault address 0x00005910.
Processing media-specific event for [psdiagnostic.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type30375 / Error
Event Submitted/Written: 01/10/2008 11:43:38 PM / 01/10/2008 11:44:08 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type30311 / Error
Event Submitted/Written: 01/10/2008 09:02:47 PM / 01/10/2008 09:03:06 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type30303 / Error
Event Submitted/Written: 01/10/2008 00:34:41 AM
Event ID/Source: 16 / Windows Update Agent
Event Description:
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Event Record #/Type30301 / Error
Event Submitted/Written: 01/08/2008 03:57:02 PM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\Program Files\Apple Software Update\Plugins\MSIInstallPlugin.dll.Manifest.
Reference error message: The operation completed successfully.
.

Event Record #/Type30300 / Error
Event Submitted/Written: 01/08/2008 03:57:02 PM
Event ID/Source: 58 / SideBySide
Event Description:
Syntax error in manifest or policy file "The manifest file contains one or more syntax errors.
1" on line The manifest file contains one or more syntax errors.
2.



-- End of Deckard's System Scanner: finished at 2008-01-10 23:54:11 ------------

#9 Demon Cleaner

Demon Cleaner

  • Members
  • 1,383 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chester uk
  • Local time:11:01 PM

Posted 11 January 2008 - 11:58 PM

Hi hornett

How is your PC running now?

Can you update Ad-aware and Avast?

**** Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 3...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.
**** Please do an online scan with Kaspersky WebScanner with Internet Explorer.

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post along with a fresh Hijackthis log.
DC

#10 hornett

hornett
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:01 PM

Posted 15 January 2008 - 08:15 PM

Demon Cleaner

my pc is running great. thx for all your help and advice. the site www.kaspersky.com/virusscanner does not have an online scanner. you have to download an .exe file and then run the program. is this what i need to do?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users