Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spyware.iemonster.d , Zlob.pornadvertiser.ba , Win32.rbot.fm , Worm.bagel. Cp


  • This topic is locked This topic is locked
2 replies to this topic

#1 blueblue

blueblue

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 09 April 2008 - 09:50 PM

Virus warning sign pops up on my computer whenever i turn it on, or even while using it.
Deckard's System Scanner v20071014.68
Run by Kerrisha on 2008-04-09 21:14:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
32: 2008-04-10 02:14:46 UTC - RP446 - Deckard's System Scanner Restore Point
31: 2008-04-09 06:26:03 UTC - RP445 - Software Distribution Service 3.0
30: 2008-04-09 05:15:28 UTC - RP444 - System Checkpoint
29: 2008-04-05 21:27:14 UTC - RP443 - System Checkpoint
28: 2008-04-04 01:09:46 UTC - RP442 - System Checkpoint


-- First Restore Point --
1: 2008-02-14 19:34:42 UTC - RP415 - Installed Family Lawyer 2004


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 254 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-09 21:18:51
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\4.bin\M3SRCHMN.EXE
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\XP Antivirus\xpa.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kerrisha\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-inc/en/s...html?channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
O1 - Hosts: 10.18.250.4 ad.doubleclick.net
O1 - Hosts: 10.18.250.4 ad.fastclick.net
O1 - Hosts: 10.18.250.4 ads.fastclick.net
O1 - Hosts: 10.18.250.4 ar.atwola.com
O1 - Hosts: 10.18.250.4 atdmt.com
O1 - Hosts: 10.18.250.4 awaps.net
O1 - Hosts: 10.18.250.4 banner.fastclick.net
O1 - Hosts: 10.18.250.4 banners.fastclick.net
O1 - Hosts: 10.18.250.4 click.atdmt.com
O1 - Hosts: 10.18.250.4 clicks.atdmt.com
O1 - Hosts: 10.18.250.4 download.microsoft.com
O1 - Hosts: 10.18.250.4 downloads.microsoft.com
O1 - Hosts: 10.18.250.4 engine.awaps.net
O1 - Hosts: 10.18.250.4 fastclick.net
O1 - Hosts: 10.18.250.4 ftp.avp.ch
O1 - Hosts: 10.18.250.4 ftp.downloads1.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 ftp.downloads2.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 ftp.downloads3.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 ftp.f-secure.com
O1 - Hosts: 10.18.250.4 ftp.kasperskylab.ru
O1 - Hosts: 10.18.250.4 ftp.sophos.com
O1 - Hosts: 10.18.250.4 go.microsoft.com
O1 - Hosts: 10.18.250.4 ids.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 media.fastclick.net
O1 - Hosts: 10.18.250.4 msdn.microsoft.com
O1 - Hosts: 10.18.250.4 norton.com
O1 - Hosts: 10.18.250.4 office.microsoft.com
O1 - Hosts: 10.18.250.4 phx.corporate-ir.net
O1 - Hosts: 10.18.250.4 spd.atdmt.com
O1 - Hosts: 10.18.250.4 support.microsoft.com
O1 - Hosts: 10.18.250.4 viruslist.com
O1 - Hosts: 10.18.250.4 viruslist.ru
O1 - Hosts: 10.18.250.4 virusscan.jotti.org
O1 - Hosts: 10.18.250.4 virustotal.com
O1 - Hosts: 10.18.250.4 windowsupdate.microsoft.com
O1 - Hosts: 10.18.250.4 www.avp.ch
O1 - Hosts: 10.18.250.4 www.avp.ru
O1 - Hosts: 10.18.250.4 www.awaps.net
O1 - Hosts: 10.18.250.4 www.fastclick.net
O1 - Hosts: 10.18.250.4 www.grisoft.com
O1 - Hosts: 10.18.250.4 www.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 www.kaspersky.ru
O1 - Hosts: 10.18.250.4 www.microsoft.com
O1 - Hosts: 10.18.250.4 www.pandasoftware.com
O1 - Hosts: 10.18.250.4 www.viruslist.ru
O1 - Hosts: 10.18.250.4 www.virustotal.com
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Adblock Pro - {F385C231-605B-4d8f-ACA9-DBFF765BBE17} - C:\Program Files\Adblock Pro\AdblockPro.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\4.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [e] C:\Program Files\XP Antivirus\xpa.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &Block This Image (Adblock Pro) - C:\Program Files\Adblock Pro\blockimg.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm529YYUS
O9 - Extra button: (no name) - CmdMapping - (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - (file missing)
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://online.musicmatch.com (HKLM)
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v44/scrab...rabblecubes.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Season%20Match/Images/stg_drm.ocx
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {255B1372-180C-4A22-A02D-1D4AB65F6AC2} (SDANetConClass Class) - file:///C:/Program%20Files/Hide%20&%20Secret/Images/stg_drm.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex...wareControl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Agatha%20Christie/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdas...sh.1.0.0.72.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/chuzzled...aploader_v7.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


--
End of file - 16134 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 SbcpHid - c:\windows\system32\drivers\sbcphid.sys
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>

S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-30 19:36:14 414 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2008-03-07 19:30:00 354 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (D75DFP91-raymond).job


-- Files created between 2008-03-09 and 2008-04-09 -----------------------------

2008-04-09 00:55:35 0 d-------- C:\Program Files\XP Antivirus
2008-03-30 22:15:01 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-03-30 22:13:35 0 d-------- C:\Program Files\Baby Luv
2008-03-29 13:55:08 0 d-------- C:\Documents and Settings\Kerrisha\Application Data\Ludia
2008-03-29 13:55:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Ludia
2008-03-27 19:46:46 0 d-------- C:\Documents and Settings\Kerrisha\Application Data\Friday's games
2008-03-27 19:43:46 0 --a------ C:\Program Files\temp01
2008-03-27 19:43:40 0 d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache


-- Find3M Report ---------------------------------------------------------------

2008-04-09 21:12:52 0 d-------- C:\Documents and Settings\Kerrisha\Application Data\COMCASTTOOLBAR
2008-04-09 19:52:55 0 d-------- C:\Program Files\Symantec AntiVirus
2008-03-30 22:10:08 0 d-------- C:\Program Files\Games
2008-03-30 18:00:07 0 d-------- C:\Program Files\Norton Security Scan
2008-03-27 19:43:40 0 d-------- C:\Program Files\bfgclient
2008-03-02 19:01:08 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-24 00:10:35 0 dr-h----- C:\Documents and Settings\Kerrisha\Application Data\SecuROM
2008-02-23 23:27:47 0 d-------- C:\Program Files\EA GAMES
2008-02-23 18:46:36 0 d-------- C:\Program Files\NetZero
2008-02-14 14:39:27 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-12 20:53:34 0 d-------- C:\Program Files\Java


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}]
06/19/2007 10:09 AM 380928 --a------ C:\Program Files\GamesBar\oberontb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F385C231-605B-4d8f-ACA9-DBFF765BBE17}]
09/25/2007 07:50 AM 397312 --a------ C:\Program Files\Adblock Pro\AdblockPro.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [03/17/2006 06:34 AM]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe" [11/24/2007 06:33 PM]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\4.bin\m3SrchMn.exe" [11/24/2007 06:33 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/20/2006 12:08 PM]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [09/08/2005 08:20 PM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [10/24/2006 05:10 PM]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe" [11/24/2007 06:33 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [01/22/2008 11:49 PM]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [12/18/2007 08:47 PM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM]
"e"="C:\Program Files\XP Antivirus\xpa.exe" [04/09/2008 12:55 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Kerrisha\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [12/29/2007 4:46:40 PM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3255d58d-76bc-11dc-a30f-00038a000015}]
Auto\command- boot.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe




-- Hosts -----------------------------------------------------------------------

10.18.250.4 ad.doubleclick.net
10.18.250.4 ad.fastclick.net
10.18.250.4 ads.fastclick.net
10.18.250.4 ar.atwola.com
10.18.250.4 atdmt.com
10.18.250.4 awaps.net
10.18.250.4 banner.fastclick.net
10.18.250.4 banners.fastclick.net
10.18.250.4 click.atdmt.com
10.18.250.4 clicks.atdmt.com

36 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-09 21:20:35 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.53GHz
Percentage of Memory in Use: 72%
Physical Memory (total/avail): 253.98 MiB / 70.71 MiB
Pagefile Memory (total/avail): 624.98 MiB / 192.23 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.55 MiB

C: is Fixed (NTFS) - 71.36 GiB total, 53.96 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800BB-75JHC0 - 74.5 GiB - 3 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 71.36 GiB - C:
\PARTITION2 - Unknown - 3.1 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Symantec AntiVirus Corporate Edition v10.1.0.394 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\America Online 9.0a\\waol.exe"="C:\\Program Files\\America Online 9.0a\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1144186228\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1144186228\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\America Online 9.0b\\waol.exe"="C:\\Program Files\\America Online 9.0b\\waol.exe:*:Enabled:AOL"
"C:\\Documents and Settings\\Kerrisha\\My Documents\\downloader\\Azureus\\Azureus.exe"="C:\\Documents and Settings\\Kerrisha\\My Documents\\downloader\\Azureus\\Azureus.exe:*:Disabled:Azureus"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:Torrent"
"E:\\uTorrent.exe"="E:\\uTorrent.exe:*:Enabled:Torrent"
"C:\\Program Files\\Infogrames Interactive\\Scrabble Complete\\ScrabbleComplete.exe"="C:\\Program Files\\Infogrames Interactive\\Scrabble Complete\\ScrabbleComplete.exe:*:Disabled:Scrabble Complete"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Kerrisha\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=D75DFP91
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Kerrisha
LOGONSERVER=\\D75DFP91
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0409
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Kerrisha\LOCALS~1\Temp
TMP=C:\DOCUME~1\Kerrisha\LOCALS~1\Temp
USERDOMAIN=D75DFP91
USERNAME=Kerrisha
USERPROFILE=C:\Documents and Settings\Kerrisha
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

nigel (admin)
Admin (admin)
Kerrisha (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Torrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{4468EF97-A253-4699-9E1C-88CAE2C6832D}
Adblock Pro 2.0 --> C:\Program Files\Adblock Pro\uninst.exe
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Baby Luv --> "C:\Program Files\Baby Luv\ReflexiveArcade\unins000.exe"
Big Fish Games Client --> C:\Program Files\bfgclient\Uninstall.exe
Comcast High-Speed Internet Install Wizard --> C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
Comcast Toolbar --> C:\Program Files\ComcastToolbar\uninstall.exe
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Dell CinePlayer --> MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Desktop Doctor --> "C:\Program Files\Support.com\providerComcast\Uninstall.exe" /c "Remove Desktop Doctor?"
Digital Content Portal --> MsiExec.exe /I{B702CCCE-3176-4DBF-B932-D1B8F402F330}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
GamesBar 1.1.0.5 --> C:\Program Files\GamesBar\uninst.exe
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Home Sweet Home --> "C:\Program Files\Home Sweet Home\ReflexiveArcade\unins000.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB910998) --> "C:\WINDOWS\$NtUninstallKB910998$\spuninst\spuninst.exe"
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
InterVideo MPEG-2 Video Decoder v5.3 --> RunDLL32.exe advpack.dll,LaunchINFSection ivivideo.inf, UnInstall
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Lexmark X5100 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBAUN5C.EXE -dLexmark X5100 Series
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSa22.inf, Uninstall
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
My Web Search (Webfetti) --> rundll32 C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsbar.dll,O
MySpaceIM --> C:\Documents and Settings\Kerrisha\Application Data\MySpace\IM\bin\Uninstall.exe
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
NetZeroInstallers --> MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
Norton Security Scan --> MsiExec.exe /I{48B82226-75E3-4E90-92CC-D30F79EA6380}
OTOY --> RunDll32 C:\WINDOWS\DOWNLO~1\OTOYAX.dll,_RemoveGroove@16
Pure Networks Port Magic --> C:\Program Files\Pure Networks\Port Magic\PortAOL.exe -Uninstall -ShowUI
Qualxserve Service Agreement --> MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickBooks Simple Start Special Edition --> msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start Special Edition" ADDREMOVE=1
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Screensavers Installer Version 2 --> "C:\Program Files\Screensavers.com\SSSInst\bin\SSSUninst.exe"
Search Assist --> MsiExec.exe /X{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic Activation Module --> MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Symantec AntiVirus --> MsiExec.exe /I{A011A1DC-7F1D-4EA8-BD11-0C5F9718E428}
The Sims 2 Deluxe --> C:\Program Files\EA GAMES\The Sims 2 Deluxe\EAUninstall.exe
Ultra soft --> C:\Documents and Settings\kerrisha\Application Data\ultra\uninstall.bat
URL Assistant --> regsvr32 /u /s "c:\Program Files\BAE\BAE.dll"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~2.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Photos Easy Upload Tool --> C:\Program Files\Yahoo!\Common\ydropper_uninst.exe /ylog=C:\PROGRA~1\Yahoo!\Photos\Uploader\install.log
Yahoo! Photos Print-at-Home Tool --> C:\WINDOWS\unins000.exe
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
Your Uninstaller! 2006 Version 5 --> "C:\Program Files\Your Uninstaller 2006\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type5070 / Error
Event Submitted/Written: 04/09/2008 07:56:09 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application xpa.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type5052 / Warning
Event Submitted/Written: 04/08/2008 11:05:27 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'WordUserData', component '{8ADD2C93-C8B7-11D1-9C67-0000F81F1B38}' failed. The resource 'HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Word\UserData' does not exist.

Event Record #/Type5050 / Warning
Event Submitted/Written: 04/08/2008 11:04:32 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'OfficeUserData', component '{4A31E933-6F67-11D2-AAA2-00A0C90F57B0}' failed. The resource 'HKEY_CURRENT_USER\Software\ODBC\ODBC.INI\MS Access Database\' does not exist.

Event Record #/Type5031 / Warning
Event Submitted/Written: 04/05/2008 06:35:13 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'WordUserData', component '{8ADD2C93-C8B7-11D1-9C67-0000F81F1B38}' failed. The resource 'HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Word\UserData' does not exist.

Event Record #/Type5030 / Warning
Event Submitted/Written: 04/05/2008 06:35:13 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'OfficeUserData', component '{4A31E933-6F67-11D2-AAA2-00A0C90F57B0}' failed. The resource 'HKEY_CURRENT_USER\Software\ODBC\ODBC.INI\MS Access Database\' does not exist.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type66299 / Error
Event Submitted/Written: 04/05/2008 06:35:06 PM / 04/05/2008 06:35:07 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {00020906-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Event Record #/Type66235 / Error
Event Submitted/Written: 04/01/2008 09:47:42 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} did not register with DCOM within the required timeout.

Event Record #/Type66234 / Error
Event Submitted/Written: 04/01/2008 09:47:12 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register with DCOM within the required timeout.

Event Record #/Type66018 / Error
Event Submitted/Written: 03/26/2008 10:18:51 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.

Event Record #/Type66017 / Error
Event Submitted/Written: 03/26/2008 10:18:51 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The IMAPI CD-Burning COM Service service failed to start due to the following error:
%%1053



-- End of Deckard's System Scanner: finished at 2008-04-09 21:20:35 ------------

BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:17 AM

Posted 10 April 2008 - 06:03 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download ComboFix and save it to your desktop.

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:17 AM

Posted 22 April 2008 - 06:12 AM

As there has been no response, this thread will now be closed.

If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users