Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Symantec Email Proxy Bombardment Virus


  • Please log in to reply
3 replies to this topic

#1 elgrunto

elgrunto

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:13 PM

Posted 09 April 2008 - 12:55 PM

Hi, a recent email left my computer with a few hefty viruses. I have done countless removals and followed many online forums to aide me in the removal process. I thought I had this thing beat but now I'm getting hundreds and hundreds of pop-ups via Symantec Email Proxy which seems to be attempting to spam email a bunch of addresses from my computer. I've run a bunch of spyware/malware removal programs and vundofix etc... It seems I've tried everything but posting a log. I'm sure I probably have some other bad guys roaming around on my computer I don't know about so here's my log and any help would be greatly, greatly appreciated. Thanks.

Deckard's System Scanner v20071014.68
Run on 2008-04-09 11:30:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
9: 2008-04-09 17:19:36 UTC - RP9 - Deckard's System Scanner Restore Point
8: 2008-04-09 09:02:42 UTC - RP8 - Software Distribution Service 3.0
7: 2008-04-02 04:10:39 UTC - RP7 - System Checkpoint
6: 2008-04-01 02:54:38 UTC - RP6 - System Checkpoint
5: 2008-03-31 02:43:24 UTC - RP5 - System Checkpoint


-- First Restore Point --
1: 2008-03-29 05:27:59 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 89% (more than 75%).
Total Physical Memory: 511 MiB (512 MiB recommended).
System Drive C: has 5.55 GiB (less than 15%) free.


-- HijackThis (run as .exe) -----------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-09 11:35:06
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134877144390
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{65373D93-E4C3-47E6-B854-77436D42D999}: NameServer = 66.109.128.2,66.109.128.3
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{90AD4CF3-4C4E-4626-AE14-F87C6B41E6EC}: NameServer = 66.109.128.2,66.109.128.3
O18 - Protocol: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\system32\TuneUpDefragService.exe


--
End of file - 11008 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 SysPlant (SysPlant for NT) - c:\windows\system32\drivers\sysplant.sys <Not Verified; Symantec Corporation; Symantec CMC Firewall>
R0 Vax347b - c:\windows\system32\drivers\vax347b.sys
R0 Vax347s - c:\windows\system32\drivers\vax347s.sys
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys

S3 NuVision (Hauppauge WinTV USB Live Pro) - c:\windows\system32\drivers\nuvision.sys <Not Verified; Hauppauge Computer Works; WinTV USB>
S3 ZD1211U(Hawking Technologies) (Hawking Technologies HWU54D Hi-Gain Wireless-G USB Adapter(Hawking Technologies)) - c:\windows\system32\drivers\zd1211u.sys <Not Verified; ZyDAS Technology Corporation; ZD1211 802.11b+g USB LAN Adapter>
S3 ZDBRGSYS (ZDBRGSYS NDIS Protocol Driver) - c:\windows\system32\zdbrgsys.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 ZDPNDIS5 (ZDPNDIS5 NDIS Protocol Driver) - c:\windows\system32\zdpndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
S3 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\50344164543F0200
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\50344164543F0200
Service: NIC1394

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: SCSI/RAID Host Controller
Device ID: ACPI\PNPA000\4&6733D96A&0
Manufacturer: (Standard mass storage controllers)
Name: SCSI/RAID Host Controller
PNP Device ID: ACPI\PNPA000\4&6733D96A&0
Service: dtscsi

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2008-04-09 11:29:17 498 --a------ C:\windows\Tasks\1-Click Maintenance.job
2008-04-09 01:37:03 330 --ah----- C:\windows\Tasks\MP Scheduled Scan.job


-- Files created between 2008-03-09 and 2008-04-09 -----------------------------

2008-04-09 10:39:02 0 d-------- C:\!KillBox
2008-03-29 19:04:18 0 d-------- C:\Program Files\Enigma Software Group
2008-03-29 13:06:23 315494 --ahs---- C:\windows\system32\hjllm.ini2
2008-03-29 12:53:48 0 d-------- C:\windows\system32\ActiveScan
2008-03-29 09:24:06 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-29 09:21:34 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-29 09:21:30 0 d-------- C:\Documents and Settings\Grant Casey\Application Data\SUPERAntiSpyware.com
2008-03-28 23:35:17 0 d-------- C:\Documents and Settings\Grant Casey\Application Data\Grisoft
2008-03-28 23:34:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-28 20:11:29 0 d-------- C:\VundoFix Backups
2008-03-28 16:12:45 297276 --ahs---- C:\windows\system32\stutv.ini2
2008-03-28 15:50:07 162304 --a------ C:\windows\system32\ztvunrar36.dll
2008-03-28 15:50:07 77312 --a------ C:\windows\system32\ztvunace26.dll
2008-03-28 15:50:06 69632 --a------ C:\windows\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-03-28 15:50:06 75264 --a------ C:\windows\system32\unacev2.dll
2008-03-28 15:50:04 153088 --a------ C:\windows\system32\UNRAR3.dll
2008-03-28 15:49:55 0 d-------- C:\Program Files\Trojan Remover
2008-03-28 15:49:55 0 d-------- C:\Documents and Settings\Grant Casey\Application Data\Simply Super Software
2008-03-28 15:49:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-03-28 13:56:21 0 d-------- C:\Documents and Settings\Grant Casey\Application Data\AdwareAlert
2008-03-28 02:06:49 0 d-------- C:\Documents and Settings\Grant Casey\Application Data\Auslogics
2008-03-28 02:06:19 0 d-------- C:\Program Files\Auslogics
2008-03-28 01:45:46 0 d-------- C:\windows\system32\NtmsData
2008-03-27 01:18:36 0 d-------- C:\windows\pss
2008-03-27 00:10:13 120 --a------ C:\tempdel.bat
2008-03-27 00:10:00 0 d-------- C:\Program Files\Helper
2008-03-25 23:44:00 0 d-------- C:\Documents and Settings\Grant Casey\Application Data\Webcammax
2008-03-23 19:17:00 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-03-23 19:16:22 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-23 19:08:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-03-23 15:36:11 2560 --a------ C:\windows\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2008-03-22 23:08:16 87424 --a------ C:\windows\system32\drivers\SysPlant.sys <Not Verified; Symantec Corporation; Symantec CMC Firewall>
2008-03-22 19:58:24 0 d-------- C:\Program Files\iPod
2008-03-22 19:57:46 0 d-------- C:\Program Files\iTunes
2008-03-22 19:54:54 0 d-------- C:\Program Files\QuickTime
2008-03-09 02:25:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-03-09 02:25:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-03-09 02:24:44 0 d-------- C:\Program Files\Common Files\LogiShrd
2008-03-09 02:24:02 0 d-------- C:\Program Files\Logitech
2008-03-09 00:35:38 0 d-------- C:\Documents and Settings\Grant Casey\Application Data\skypePM
2008-03-09 00:35:38 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-09 00:34:04 0 d-------- C:\Documents and Settings\Grant Casey\Application Data\Skype
2008-03-09 00:33:08 0 d-------- C:\Program Files\Common Files\Skype
2008-03-09 00:32:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype


-- Find3M Report ---------------------------------------------------------------

2008-04-07 18:59:49 0 d-------- C:\Program Files\BitComet
2008-03-29 17:35:53 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-29 17:35:40 0 d-------- C:\Program Files\Windows Defender
2008-03-23 22:18:46 0 d-------- C:\Program Files\Google
2008-03-23 19:16:22 0 d-------- C:\Program Files\Common Files
2008-03-23 19:08:07 0 d-------- C:\Program Files\Java
2008-03-22 23:07:34 0 d-------- C:\Program Files\Symantec
2008-03-22 19:46:40 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-13 22:28:34 0 d-------- C:\Program Files\LimeWire
2008-03-13 21:11:18 0 d-------- C:\Program Files\Incomplete
2008-02-26 23:41:17 112944 --a----c- C:\windows\system32\GDIPFONTCACHEV1.DAT
2008-02-25 20:15:22 0 d-------- C:\Program Files\Microsoft Works
2008-02-25 19:42:57 0 d-------- C:\Program Files\MSBuild
2008-02-25 19:26:29 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-02-25 13:46:28 0 d-------- C:\Program Files\Common Files\Real
2008-02-25 13:44:58 0 d-------- C:\Documents and Settings\Grant Casey\Application Data\Real
2008-02-24 16:36:13 0 d-------- C:\Documents and Settings\Grant Casey\Application Data\U3


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/06/2007 03:08 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [08/04/2004 02:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - C:\WINDOWS\Installer\{176130BC-99A1-41FE-A78B-56045E33AD70}\Icon3E5562ED7.ico [4/15/2007 6:10:58 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
"LogitechSetup"="D:\Setup\Setup.exe" /start /restart /l:enu
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"hpWirelessAssistant"="%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{211a6186-dbe7-11da-b849-000fb06e47b1}]
AutoRun\command- Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55fcf48c-f97e-11da-b856-00904bac80c0}]
AutoRun\command- Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c741770f-8335-11da-a609-000fb06e47b1}]
AutoRun\command- G:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d49b6efa-a907-11dc-b8c4-00904bac80c0}]
AutoRun\command- G:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-04-09 11:37:44 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3200+
Percentage of Memory in Use: 83%
Physical Memory (total/avail): 510.48 MiB / 85.83 MiB
Pagefile Memory (total/avail): 1977.59 MiB / 1528.36 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.88 MiB

C: is Fixed (NTFS) - 74.52 GiB total, 5.55 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - TOSHIBA MK8026GAX - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

FW: Symantec Endpoint Protection v10.0 (Symantec Corporation.)
AV: Symantec Endpoint Protection v11.0.777.1008 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Java\\jre1.5.0_05\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_05\\bin\\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"E:\\hl2.exe"="E:\\hl2.exe:*:Enabled:hl2"
"E:\\srcds.exe"="E:\\srcds.exe:*:Enabled:srcds"
"D:\\hl2.exe"="D:\\hl2.exe:*:Enabled:hl2"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVU Player Component"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Program Files\\Super Internet TV\\OnlineTV.exe"="C:\\Program Files\\Super Internet TV\\OnlineTV.exe:*:Enabled:Super Internet TV"
"C:\\Documents and Settings\\Administrator\\Application Data\\U3\\0000060421118974\\0DE4F643-C398-46ec-9339-2362F2311932\\Exec\\Skype.exe"="C:\\Documents and Settings\\Administrator\\Application Data\\U3\\0000060421118974\\0DE4F643-C398-46ec-9339-2362F2311932\\Exec\\Skype.exe:*:Enabled:Skype. The whole world can talk for free."
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Documents and Settings\\Grant Casey\\Application Data\\U3\\0000060421118974\\0DE4F643-C398-46ec-9339-2362F2311932\\Exec\\Phone\\Skype.exe"="C:\\Documents and Settings\\Grant Casey\\Application Data\\U3\\0000060421118974\\0DE4F643-C398-46ec-9339-2362F2311932\\Exec\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"="C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe:*:Enabled:SMC Service"
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"="C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE:*:Enabled:SNAC Service"
"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe:*:Enabled:Symantec Email"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Grant Casey\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BAT-PUTER
ComSpec=C:\windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Grant Casey
LOGONSERVER=\\BAT-PUTER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\WINDOWS\system32;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 15 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0f00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\windows
TEMP=C:\DOCUME~1\GRANTC~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\GRANTC~1\LOCALS~1\Temp
USERDOMAIN=BAT-PUTER
USERNAME=Grant Casey
USERPROFILE=C:\Documents and Settings\Grant Casey
windir=C:\windows
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Grant Casey (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
AI RoboForm --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
AltoMP3 Gold 5.12 --> C:\Program Files\AltoMP3 Gold\uninst.exe
Ambush Pack 1.00 for Pocket Tanks Deluxe --> "C:\Program Files\Pocket Tanks Deluxe\unins001.exe"
Amor WMV to AVI MPEG VCD SVCD DVD Converter 1.8 --> "C:\Program Files\Amor WMV to AVI MPEG VCD SVCD DVD Converter\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AusLogics BoostSpeed --> "C:\Program Files\Auslogics\AusLogics BoostSpeed\unins000.exe"
AusLogics Disk Defrag --> "C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Belarc Advisor 7.1 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
BitComet 0.99 --> C:\Program Files\BitComet\uninst.exe
BitTorrent 4.2.0 --> "C:\Program Files\BitTorrent\uninstall.exe"
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDK Players --> C:\WINDOWS\Uninstall CDK.exe
CDRWIN --> C:\PROGRA~1\CDRWIN\UNWISE.EXE C:\PROGRA~1\CDRWIN\INSTALL.LOG
Chaos Pack 1.00 for Pocket Tanks Deluxe --> "C:\Program Files\Pocket Tanks Deluxe\unins002.exe"
Cisco Systems VPN Client 4.8.02.0010 --> MsiExec.exe /X{176130BC-99A1-41FE-A78B-56045E33AD70}
Conexant AC-Link Audio --> CIAunwdm.exe
Data Fax SoftModem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3085103C\HXFSETUP.EXE -U -Icpl30855.inf
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DreamStation DXi --> C:\WINDOWS\DSDXIRMV.EXE C:\PROGRAM FILES\AUDIO SIMULATION\DREAMSTATION DXI
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
ExtractNow --> "C:\Program Files\ExtractNow\unins000.exe"
Flamethrower Pack 1.00 for Pocket Tanks Deluxe --> "C:\Program Files\Pocket Tanks Deluxe\unins003.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9
HP Pavillion zv6000 User Guides --> C:\PROGRA~1\HPQ\UNWISE.EXE C:\PROGRA~1\HPQ\INSTALL.LOG
HP Wireless Assistant --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
iWin Games (remove only) --> "C:\Program Files\iWin Games\Uninstall.exe"
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Karaoke Player --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Karaoke Player\DeIsL1.isu" -c"C:\Program Files\Karaoke Player\_ISREG32.DLL"
LimeWire 4.12.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.3 (Symantec Corporation) --> "C:\PROGRA~1\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech QuickCam --> MsiExec.exe /X{7D2370AC-D8E6-4996-986A-19824F8A167C}
Logitech Video Enumerator --> MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Logitech® Camera Driver --> "C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Magic DVD Ripper V3.5 --> "C:\Program Files\MagicDVDRipper\unins000.exe"
Meteor Pack 1.00 for Pocket Tanks Deluxe --> "C:\Program Files\Pocket Tanks Deluxe\unins004.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Ultimate 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ULTIMATER /dll OSETUP.DLL
Microsoft Office Ultimate 2007 --> MsiExec.exe /X{91120000-002E-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Student Graphing Calculator --> MsiExec.exe /I{06043840-7A70-4AC6-9340-2EB7E1486914}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSf22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3+G Toolz --> MsiExec.exe /I{F50A4470-7A45-4A5A-97F8-806990B736C2}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MVision --> MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nuke Pack 1.00 for Pocket Tanks Deluxe --> "C:\Program Files\Pocket Tanks Deluxe\unins005.exe"
Online Manuals for WinTV (English) --> C:\PROGRA~1\WinTV\UNTVmans.exe C:\PROGRA~1\WinTV\WinTVMan.LOG
Panda ActiveScan --> C:\windows\system32\ASUninst.exe Panda ActiveScan
PCFriendly --> C:\Program Files\PCFriendly\inuninst.exe
PCI 1620 Cardbus Controller and Software --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{97355297-21C8-40CD-96D3-48E58037A9B8} /l1033
Pocket Tanks Deluxe 1.00b --> "C:\Program Files\Pocket Tanks Deluxe\unins000.exe"
Porrasturvat - Stair Dismount --> C:\Program Files\Porrasturvat - Stair Dismount\uninstall.exe
Power CD+G Burner --> "C:\Program Files\Doblon\Power CD+G Burner\unins000.exe"
Power Pack 1.00 for Pocket Tanks Deluxe --> "C:\Program Files\Pocket Tanks Deluxe\unins006.exe"
Quick Launch Buttons 5.10 A2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Sansa Media Converter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2A0F8F4-CE50-4857-A21C-3061682B2E87}\Setup.exe" -l0x9
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Super Internet TV v6.8 --> "C:\Program Files\Super Internet TV\unins000.exe"
Super Pack v1.00 for Pocket Tanks Deluxe --> "C:\Program Files\Pocket Tanks Deluxe\unins007.exe"
Symantec Endpoint Protection --> MsiExec.exe /I{FB8A4E30-9915-4814-ADF9-42E00D9FDC3D}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D71AC256-FA83-45EA-9F14-1B20BB5105C9} /l1033
TextAloud --> "C:\Program Files\TextAloud\unins000.exe"
TI Connect™ 1.2.1 --> C:\PROGRA~1\TIEDUC~1\TICONN~1\UNWISE.EXE C:\PROGRA~1\TIEDUC~1\TICONN~1\INSTALL.LOG
Trojan Remover 6.6.8 --> "C:\Program Files\Trojan Remover\unins000.exe"
Truck Dismount (remove only) --> "C:\Program Files\Truck Dismount\uninst.exe"
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
TVUPlayer 2.2.0 --> C:\Program Files\TVUPlayer\uninst.exe
Ulead GIF Animator 5 TBYB --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AF3E926-ED59-11D4-A44B-0000E86D2305}\Setup.exe" -l0x9
Update for Office 2007 (KB946691) --> msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb949037) --> msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {B4F188C6-6DBF-42A5-A8A3-3086D1A384F2}
UserGuides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02E22217-0E96-4C3F-B831-83AA942B7715}\setup.exe" -l0x9
UWICK Starter Set --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\UWICK\Uninst.isu"
VideoLAN VLC media player 0.8.6 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Defender --> MsiExec.exe /I{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Rights Management Client Backwards Compatibility SP2 --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2 --> MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type7666 / Warning
Event Submitted/Written: 04/09/2008 11:35:49 AM
Event ID/Source: 22 / Symantec AntiVirus
Event Description:
Symantec Endpoint Protection Auto-Protect failed to load.Application has encountered an error.
For more information, please go to: http://www.symantec.com/techsupp/servlet/P...ld=symantec_ent

Event Record #/Type7640 / Error
Event Submitted/Written: 04/06/2008 10:10:45 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.31114, faulting module js3250.dll, version 4.0.0.0, fault address 0x00020290.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type7635 / Warning
Event Submitted/Written: 04/06/2008 00:36:48 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{7D2370AC-D8E6-4996-986A-19824F8A167C}', feature 'QuickCam' failed during request for component '{3BBB8098-03C8-48DC-AA83-9B2159E12E0D}'

Event Record #/Type7634 / Warning
Event Submitted/Written: 04/06/2008 00:36:48 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{7D2370AC-D8E6-4996-986A-19824F8A167C}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\QuickCam10\DesktopShortcutKey' does not exist.

Event Record #/Type7633 / Warning
Event Submitted/Written: 04/06/2008 00:36:48 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{7D2370AC-D8E6-4996-986A-19824F8A167C}', feature 'QuickCam' failed during request for component '{3BBB8098-03C8-48DC-AA83-9B2159E12E0D}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3124 / Error
Event Submitted/Written: 04/09/2008 11:29:49 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error:
%%1058

Event Record #/Type3123 / Error
Event Submitted/Written: 04/09/2008 11:29:49 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Canon Camera Access Library 8 service depends on the SSDP Discovery Service service which failed to start because of the following error:
%%1058

Event Record #/Type3122 / Error
Event Submitted/Written: 04/09/2008 11:29:32 AM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Event Record #/Type3121 / Error
Event Submitted/Written: 04/09/2008 11:29:32 AM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Event Record #/Type3120 / Error
Event Submitted/Written: 04/09/2008 11:29:17 AM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.



-- End of Deckard's System Scanner: finished at 2008-04-09 11:37:44 ------------

BC AdBot (Login to Remove)

 


#2 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal
  • Local time:05:13 AM

Posted 20 April 2008 - 07:17 AM

Hello elgrunto

Welcome to Bleeping Computer!

Sorry about the delay. We're all volunteers here, and it's been very busy.

If you still need help, please post a new DSS.scan report to make sure nothing has changed. Please post only the main.txt report.


And I'll be happy to take a look at it for you.

Thanks, for your patience.

#3 elgrunto

elgrunto
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:13 PM

Posted 20 April 2008 - 06:51 PM

Hello, I greatly appreciate the reply, and absolutely no worries about the wait...it's volunteer and you guys are great. But yes, my computer still has the problem so here is an updated dss. I have also found when I close the ccApp.exe process that is used by Norton, these messages don't seem to pop up. Thanks Again, Grant.

Robert MitchumDeckard's System Scanner v20071014.68
Run by Grant Casey on 2008-04-20 17:20:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 90% (more than 75%).
Total Physical Memory: 511 MiB (512 MiB recommended).
System Drive C: has 4.95 GiB (less than 15%) free.


-- HijackThis (run as .exe) -----------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-20 17:20:14
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\WINDOWS\system32\TuneUpDefragService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Grant Casey\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134877144390
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{65373D93-E4C3-47E6-B854-77436D42D999}: NameServer = 66.109.128.2,66.109.128.3
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{90AD4CF3-4C4E-4626-AE14-F87C6B41E6EC}: NameServer = 66.109.128.2,66.109.128.3
O18 - Protocol: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\system32\TuneUpDefragService.exe


--
End of file - 11256 bytes

-- Files created between 2008-03-20 and 2008-04-20 -----------------------------

2008-04-09 10:39:02 0 d-------- C:\!KillBox
2008-03-29 19:04:18 0 d-------- C:\Program Files\Enigma Software Group
2008-03-29 13:06:23 315494 --ahs---- C:\windows\system32\hjllm.ini2
2008-03-29 12:53:48 0 d-------- C:\windows\system32\ActiveScan
2008-03-29 09:24:06 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-29 09:21:34 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-29 09:21:30 0 d-------- C:\Documents and Settings\Grant Casey\Application Data\SUPERAntiSpyware.com
2008-03-28 23:35:17 0 d-------- C:\Documents and Settings\Grant Casey\Application Data\Grisoft
2008-03-28 23:34:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-28 20:11:29 0 d-------- C:\VundoFix Backups
2008-03-28 16:12:45 297276 --ahs---- C:\windows\system32\stutv.ini2
2008-03-28 15:50:07 162304 --a------ C:\windows\system32\ztvunrar36.dll
2008-03-28 15:50:07 77312 --a------ C:\windows\system32\ztvunace26.dll
2008-03-28 15:50:06 69632 --a------ C:\windows\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-03-28 15:50:06 75264 --a------ C:\windows\system32\unacev2.dll
2008-03-28 15:50:04 153088 --a------ C:\windows\system32\UNRAR3.dll
2008-03-28 15:49:55 0 d-------- C:\Program Files\Trojan Remover
2008-03-28 15:49:55 0 d-------- C:\Documents and Settings\Grant Casey\Application Data\Simply Super Software
2008-03-28 15:49:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-03-28 13:56:21 0 d-------- C:\Documents and Settings\Grant Casey\Application Data\AdwareAlert
2008-03-28 02:06:49 0 d-------- C:\Documents and Settings\Grant Casey\Application Data\Auslogics
2008-03-28 02:06:19 0 d-------- C:\Program Files\Auslogics
2008-03-28 01:45:46 0 d-------- C:\windows\system32\NtmsData
2008-03-27 01:18:36 0 d-------- C:\windows\pss
2008-03-27 00:10:13 120 --a------ C:\tempdel.bat
2008-03-27 00:10:00 0 d-------- C:\Program Files\Helper
2008-03-25 23:44:00 0 d-------- C:\Documents and Settings\Grant Casey\Application Data\Webcammax
2008-03-23 19:17:00 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-03-23 19:16:22 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-23 19:08:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-03-23 15:36:11 2560 --a------ C:\windows\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2008-03-22 23:08:16 87424 --a------ C:\windows\system32\drivers\SysPlant.sys <Not Verified; Symantec Corporation; Symantec CMC Firewall>
2008-03-22 19:58:24 0 d-------- C:\Program Files\iPod
2008-03-22 19:57:46 0 d-------- C:\Program Files\iTunes
2008-03-22 19:54:54 0 d-------- C:\Program Files\QuickTime


-- Find3M Report ---------------------------------------------------------------

2008-04-07 18:59:49 0 d-------- C:\Program Files\BitComet
2008-03-29 17:35:53 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-29 17:35:40 0 d-------- C:\Program Files\Windows Defender
2008-03-23 22:18:46 0 d-------- C:\Program Files\Google
2008-03-23 19:16:22 0 d-------- C:\Program Files\Common Files
2008-03-23 19:08:07 0 d-------- C:\Program Files\Java
2008-03-22 23:07:34 0 d-------- C:\Program Files\Symantec
2008-03-22 19:46:40 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-22 16:09:22 0 d-------- C:\Documents and Settings\Grant Casey\Application Data\skypePM
2008-03-22 00:17:05 0 d-------- C:\Documents and Settings\Grant Casey\Application Data\Skype
2008-03-13 22:28:34 0 d-------- C:\Program Files\LimeWire
2008-03-13 21:11:18 0 d-------- C:\Program Files\Incomplete
2008-03-09 19:31:02 0 d-------- C:\Program Files\Common Files\LogiShrd
2008-03-09 02:24:02 0 d-------- C:\Program Files\Logitech
2008-03-09 00:33:08 0 d-------- C:\Program Files\Common Files\Skype
2008-02-26 23:41:17 112944 --a----c- C:\windows\system32\GDIPFONTCACHEV1.DAT
2008-02-25 20:15:22 0 d-------- C:\Program Files\Microsoft Works
2008-02-25 19:42:57 0 d-------- C:\Program Files\MSBuild
2008-02-25 19:26:29 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-02-25 13:46:28 0 d-------- C:\Program Files\Common Files\Real
2008-02-25 13:44:58 0 d-------- C:\Documents and Settings\Grant Casey\Application Data\Real
2008-02-24 16:36:13 0 d-------- C:\Documents and Settings\Grant Casey\Application Data\U3


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/06/2007 03:08 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [08/04/2004 02:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - C:\WINDOWS\Installer\{176130BC-99A1-41FE-A78B-56045E33AD70}\Icon3E5562ED7.ico [4/15/2007 6:10:58 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
"LogitechSetup"="D:\Setup\Setup.exe" /start /restart /l:enu
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"hpWirelessAssistant"="%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{211a6186-dbe7-11da-b849-000fb06e47b1}]
AutoRun\command- Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55fcf48c-f97e-11da-b856-00904bac80c0}]
AutoRun\command- Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c741770f-8335-11da-a609-000fb06e47b1}]
AutoRun\command- G:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d49b6efa-a907-11dc-b8c4-00904bac80c0}]
AutoRun\command- G:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-04-20 17:22:18 ------------

#4 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal
  • Local time:05:13 AM

Posted 21 April 2008 - 06:41 AM

Hi Grant

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.


Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.


Please download ATF Cleaner.<- link. by Atribune. Don’t run it yet


Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.


Please reboot your computer in SafeMode by doing the following:
  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear.
  • Select the first option, to run Windows in Safe Mode.
  • If you have trouble getting into Safe mode go here <--link to tutorial

  • run: ATF
Double-click Posted Image to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at
the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please
click No at the prompt.
If you use Opera browserClick Opera at the
top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please
click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located
at the bottom of each menu.]


Scan with DrWeb-CureIt as follows:
  • Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
  • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan tab" and UNcheck "Heuristic analysis"
  • Back at the main window, click "Custom Scan", then Select drives (a red dot will show which drives have been chosen).
  • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
  • When done, a message will be displayed at the bottom advising if any viruses were found.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)
Please post also the vundofix.txt




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users