Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Antispyware Master And "malware" Popups


  • Please log in to reply
3 replies to this topic

#1 hammersmashedcomputr

hammersmashedcomputr

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:26 AM

Posted 13 April 2008 - 12:37 AM

new here (obviously). thanks in advance for any help...

reading a wikipedia entry (of all things) and checked out an external link. once redirected, three "firewall" prompts came up via Norton...two i allowed but the third (figuring something was up) i blocked. since then, AntiSpyWare Master magically appeared on my computer. knowing that i did not install it, i removed it to the best of my knowledge. now, i have multiple pop-ups occur indicating that i need to download software to prevent spyware or malware. i have clicked on none of these; simply closing the windows. all of these pop-ups occur through Internet Explorer; i normally only use Firefox.

non-web browsing apps work fine -- Excel, Word, Adobe Reader, etc. when web-browsing, some websites load fine [this one, Yahoo! Sports] but most never load.

lastly, Norton has twice (in the last seven hours) discovered and removed "downloader"

here are the Deckard logs and HiJackThis log...

Deckard's System Scanner v20071014.68
Run by Magliosis on 2008-04-13 01:14:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
67: 2008-04-13 04:55:32 UTC - RP694 - Deckard's System Scanner Restore Point
66: 2008-04-13 03:12:06 UTC - RP693 - Spybot-S&D Spyware removal
65: 2008-04-13 00:57:19 UTC - RP692 - Last known good configuration
64: 2008-04-13 00:57:01 UTC - RP691 - System Checkpoint
63: 2008-04-13 00:57:01 UTC - RP690 - System Checkpoint


-- First Restore Point --
1: 2008-04-13 00:56:21 UTC - RP628 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Magliosis.exe) -------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-13 01:15:46
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\SYSTEM32\DRIVERS\KodakCCS.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
C:\WINDOWS\SYSTEM32\ScsiAccess.EXE
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
C:\WINDOWS\SYSTEM32\hkcmd.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\SYSTEM32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Magliosis\Desktop\dss.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {24E9519B-3F70-429B-99BC-4B2B49B96F66} - C:\WINDOWS\SYSTEM32\wvUmnLbx.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5FA39AED-DF41-493A-B57B-6342B442301A} - C:\WINDOWS\SYSTEM32\rqRLffeD.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL
O2 - BHO: {ac157d7b-a8d2-703b-d7a4-d5a5c1d82e2b} - {b2e28d1c-5a5d-4a7d-b307-2d8ab7d751ca} - C:\WINDOWS\SYSTEM32\iphqxnix.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [9473609b] rundll32.exe "C:\WINDOWS\system32\jfbtuhsq.dll",b
O4 - HKLM\..\Run: [BM97405307] Rundll32.exe "C:\WINDOWS\system32\wdybylto.dll",s
O4 - HKLM\..\RunServicesOnce: [Iomega CD-RW Setup] D:\Iomega_CD-RW.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: CIBAEJC.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Joyo - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - C:\WINDOWS\System32\IEPlugin.dll (file missing)
O9 - Extra button: ZDNet - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\WINDOWS\System32\IEPlugin.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Magliosis\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/8/b...heckControl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1116123525937
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_6us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - Winlogon Notify: wvUmnLbx - C:\WINDOWS\system32\wvUmnLbx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\CCPWDSVC.EXE
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\COMHOST.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\SYSTEM32\DRIVERS\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\SYSTEM32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\SYSTEM32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: Security - C:\WINDOWS\Web\desktop.html

--
End of file - 12998 bytes

-- HijackThis Fixed Entries (C:\ANTISP~1\HIJACK~1\backups\) --------------------

backup-20080412-231120-138 O1 - Hosts: 205.238.40.1 c3311.z1301.winmx.com
backup-20080412-231120-154 O1 - Hosts: 205.238.40.1 c3312.z1302.winmx.com
backup-20080412-231120-203 O1 - Hosts: 205.238.40.1 c3311.z1302.winmx.com
backup-20080412-231120-341 O1 - Hosts: 82.195.155.5 c3316.z1301.winmx.com
backup-20080412-231120-370 O1 - Hosts: 205.238.40.1 www.winmx.com
backup-20080412-231120-465 O1 - Hosts: 82.195.155.5 c3319.z1301.winmx.com
backup-20080412-231120-553 O1 - Hosts: 205.238.40.1 c3314.z1301.winmx.com
backup-20080412-231120-630 O1 - Hosts: 205.238.40.1 c3313.z1302.winmx.com
backup-20080412-231120-670 O1 - Hosts: 82.195.155.5 c3315.z1301.winmx.com
backup-20080412-231120-729 O1 - Hosts: 82.195.155.5 c3317.z1301.winmx.com
backup-20080412-231120-765 O1 - Hosts: 205.238.40.1 err.winmx.com
backup-20080412-231120-793 O1 - Hosts: 82.195.155.5 c3318.z1301.winmx.com
backup-20080412-231120-816 O1 - Hosts: 205.238.40.1 c3313.z1301.winmx.com
backup-20080412-231120-871 O1 - Hosts: 205.238.40.1 c3310.z1301.winmx.com
backup-20080412-231120-930 O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com
backup-20080412-231120-963 O1 - Hosts: 205.238.40.1 c3310.z1302.winmx.com
backup-20080412-231120-994 O1 - Hosts: 205.238.40.1 winmx.com
backup-20080412-231121-115 O1 - Hosts: 205.238.40.1 c3314.z1304.winmx.com
backup-20080412-231121-146 O1 - Hosts: 82.195.155.5 c3318.z1305.winmx.com
backup-20080412-231121-155 O1 - Hosts: 205.238.40.1 c3311.z1305.winmx.com
backup-20080412-231121-161 O1 - Hosts: 82.195.155.5 c3316.z1304.winmx.com
backup-20080412-231121-181 O1 - Hosts: 205.238.40.1 c3310.z1305.winmx.com
backup-20080412-231121-191 O1 - Hosts: 82.195.155.5 c3319.z1305.winmx.com
backup-20080412-231121-196 O1 - Hosts: 205.238.40.1 c3312.z1304.winmx.com
backup-20080412-231121-209 O1 - Hosts: 82.195.155.5 c3316.z1305.winmx.com
backup-20080412-231121-220 O1 - Hosts: 205.238.40.1 c3313.z1306.winmx.com
backup-20080412-231121-274 O1 - Hosts: 205.238.40.1 c3313.z1304.winmx.com
backup-20080412-231121-279 O1 - Hosts: 205.238.40.1 c3310.z1303.winmx.com
backup-20080412-231121-285 O1 - Hosts: 205.238.40.1 c3311.z1306.winmx.com
backup-20080412-231121-300 O1 - Hosts: 82.195.155.5 c3317.z1304.winmx.com
backup-20080412-231121-303 O1 - Hosts: 205.238.40.1 c3314.z1302.winmx.com
backup-20080412-231121-309 O1 - Hosts: 205.238.40.1 c3314.z1303.winmx.com
backup-20080412-231121-329 O1 - Hosts: 82.195.155.5 c3317.z1303.winmx.com
backup-20080412-231121-340 O1 - Hosts: 205.238.40.1 c3311.z1303.winmx.com
backup-20080412-231121-399 O1 - Hosts: 205.238.40.1 c3311.z1304.winmx.com
backup-20080412-231121-458 O1 - Hosts: 82.195.155.5 c3319.z1302.winmx.com
backup-20080412-231121-477 O1 - Hosts: 82.195.155.5 c3318.z1304.winmx.com
backup-20080412-231121-478 O1 - Hosts: 82.195.155.5 c3316.z1302.winmx.com
backup-20080412-231121-506 O1 - Hosts: 205.238.40.1 c3312.z1303.winmx.com
backup-20080412-231121-517 O1 - Hosts: 205.238.40.1 c3313.z1305.winmx.com
backup-20080412-231121-533 O1 - Hosts: 82.195.155.5 c3318.z1302.winmx.com
backup-20080412-231121-534 O1 - Hosts: 205.238.40.1 c3313.z1303.winmx.com
backup-20080412-231121-545 O1 - Hosts: 82.195.155.5 c3319.z1303.winmx.com
backup-20080412-231121-552 O1 - Hosts: 205.238.40.1 c3312.z1306.winmx.com
backup-20080412-231121-591 O1 - Hosts: 205.238.40.1 c3314.z1305.winmx.com
backup-20080412-231121-594 O1 - Hosts: 82.195.155.5 c3319.z1306.winmx.com
backup-20080412-231121-604 O1 - Hosts: 205.238.40.1 c3310.z1306.winmx.com
backup-20080412-231121-623 O1 - Hosts: 205.238.40.1 c3314.z1306.winmx.com
backup-20080412-231121-648 O1 - Hosts: 82.195.155.5 c3318.z1306.winmx.com
backup-20080412-231121-655 O1 - Hosts: 82.195.155.5 c3317.z1306.winmx.com
backup-20080412-231121-677 O1 - Hosts: 205.238.40.1 c3312.z1305.winmx.com
backup-20080412-231121-689 O1 - Hosts: 82.195.155.5 c3318.z1303.winmx.com
backup-20080412-231121-727 O1 - Hosts: 82.195.155.5 c3319.z1304.winmx.com
backup-20080412-231121-827 O1 - Hosts: 82.195.155.5 c3315.z1304.winmx.com
backup-20080412-231121-867 O1 - Hosts: 82.195.155.5 c3316.z1303.winmx.com
backup-20080412-231121-883 O1 - Hosts: 82.195.155.5 c3315.z1305.winmx.com
backup-20080412-231121-903 O1 - Hosts: 82.195.155.5 c3317.z1305.winmx.com
backup-20080412-231121-915 O1 - Hosts: 205.238.40.1 c3310.z1304.winmx.com
backup-20080412-231121-918 O1 - Hosts: 82.195.155.5 c3316.z1306.winmx.com
backup-20080412-231121-950 O1 - Hosts: 82.195.155.5 c3317.z1302.winmx.com
backup-20080412-231121-964 O1 - Hosts: 82.195.155.5 c3315.z1302.winmx.com
backup-20080412-231121-967 O1 - Hosts: 82.195.155.5 c3315.z1303.winmx.com
backup-20080412-231121-977 O1 - Hosts: 82.195.155.5 c3315.z1306.winmx.com
backup-20080412-231122-100 O1 - Hosts: 205.238.40.1 c3520.z1303.winmx.com
backup-20080412-231122-108 O1 - Hosts: 82.195.155.5 c3527.z1304.winmx.com
backup-20080412-231122-153 O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com
backup-20080412-231122-156 O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe
backup-20080412-231122-159 O1 - Hosts: 205.238.40.1 c3522.z1303.winmx.com
backup-20080412-231122-161 O1 - Hosts: 82.195.155.5 c3529.z1301.winmx.com
backup-20080412-231122-193 O1 - Hosts: 205.238.40.1 c3520.z1302.winmx.com
backup-20080412-231122-199 O1 - Hosts: 205.238.40.1 c3524.z1301.winmx.com
backup-20080412-231122-203 O1 - Hosts: 205.238.40.1 c3520.z1304.winmx.com
backup-20080412-231122-213 O1 - Hosts: 205.238.40.1 c3521.z1304.winmx.com
backup-20080412-231122-219 O1 - Hosts: 82.195.155.5 c3528.z1301.winmx.com
backup-20080412-231122-232 O1 - Hosts: 205.238.40.1 c3523.z1301.winmx.com
backup-20080412-231122-358 O1 - Hosts: 82.195.155.5 c3528.z1303.winmx.com
backup-20080412-231122-397 O1 - Hosts: 82.195.155.5 c3527.z1301.winmx.com
backup-20080412-231122-402 O1 - Hosts: 205.238.40.1 c3523.z1302.winmx.com
backup-20080412-231122-496 O1 - Hosts: 205.238.40.1 c3520.z1301.winmx.com
backup-20080412-231122-515 O1 - Hosts: 82.195.155.5 c3526.z1301.winmx.com
backup-20080412-231122-543 O1 - Hosts: 205.238.40.1 c3524.z1303.winmx.com
backup-20080412-231122-555 O1 - Hosts: 205.238.40.1 c3522.z1302.winmx.com
backup-20080412-231122-560 O1 - Hosts: 82.195.155.5 c3529.z1303.winmx.com
backup-20080412-231122-561 O1 - Hosts: 82.195.155.5 c3527.z1303.winmx.com
backup-20080412-231122-566 O1 - Hosts: 205.238.40.1 c3524.z1304.winmx.com
backup-20080412-231122-593 O1 - Hosts: 205.238.40.1 c3521.z1303.winmx.com
backup-20080412-231122-613 O1 - Hosts: 205.238.40.1 c3521.z1302.winmx.com
backup-20080412-231122-614 O1 - Hosts: 82.195.155.5 c3525.z1302.winmx.com
backup-20080412-231122-645 O1 - Hosts: 82.195.155.5 c3529.z1302.winmx.com
backup-20080412-231122-682 O1 - Hosts: 82.195.155.5 c3525.z1304.winmx.com
backup-20080412-231122-705 O1 - Hosts: 82.195.155.5 c3525.z1301.winmx.com
backup-20080412-231122-710 O1 - Hosts: 82.195.155.5 c3525.z1303.winmx.com
backup-20080412-231122-729 O1 - Hosts: 205.238.40.1 c3523.z1303.winmx.com
backup-20080412-231122-775 O1 - Hosts: 205.238.40.1 c3522.z1304.winmx.com
backup-20080412-231122-819 O1 - Hosts: 82.195.155.5 c3527.z1302.winmx.com
backup-20080412-231122-831 O1 - Hosts: 205.238.40.1 c3521.z1301.winmx.com
backup-20080412-231122-858 O1 - Hosts: 82.195.155.5 c3526.z1304.winmx.com
backup-20080412-231122-871 O1 - Hosts: 205.238.40.1 c3523.z1304.winmx.com
backup-20080412-231122-921 O1 - Hosts: 205.238.40.1 c3524.z1302.winmx.com
backup-20080412-231122-936 O1 - Hosts: 82.195.155.5 c3526.z1303.winmx.com
backup-20080412-231122-941 O1 - Hosts: 82.195.155.5 c3526.z1302.winmx.com
backup-20080412-231122-994 O1 - Hosts: 82.195.155.5 c3528.z1302.winmx.com

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 ANIO (ANIO Service) - c:\windows\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ScsiAccess - c:\windows\system32\scsiaccess.exe
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 ANIWZCSdService (ANIWZCSd Service) - c:\program files\ani\aniwzcs2 service\aniwzcsds.exe <Not Verified; Alpha Networks Inc.; ANIWZCS2 Service Launcher (NT)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-13 01:16:00 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-03-03 05:22:03 556 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Magliosis.job


-- Files created between 2008-03-13 and 2008-04-13 -----------------------------

2008-04-12 21:06:53 92736 --a------ C:\WINDOWS\system32\iphqxnix.dll
2008-04-12 21:02:10 86592 --a------ C:\WINDOWS\system32\jfbtuhsq.dll
2008-04-12 20:59:10 3648 --a------ C:\WINDOWS\system32\beiknvnq.dll
2008-04-12 20:58:22 94272 --a------ C:\WINDOWS\system32\wdybylto.dll
2008-04-12 20:56:09 300930 --ahs---- C:\WINDOWS\system32\DeffLRqr.ini2
2008-04-12 20:56:05 272384 --a------ C:\WINDOWS\system32\rqRLffeD.dll
2008-04-12 19:28:51 36864 --a------ C:\WINDOWS\system32\mlJYrooN.dll
2008-04-12 19:25:47 0 d-------- C:\WINDOWS\system32\bharebio01
2008-04-12 19:25:45 36864 --a------ C:\WINDOWS\system32\wvUmnLbx.dll
2008-04-09 14:05:37 0 d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-04-09 14:05:12 0 d-------- C:\Program Files\Comcast
2008-04-09 14:00:05 0 d-------- C:\Program Files\support.com
2008-04-09 13:59:59 0 d-------- C:\Program Files\Common Files\SupportSoft


-- Find3M Report ---------------------------------------------------------------

2008-04-13 01:00:10 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-12 23:36:53 0 d-------- C:\Program Files\Norton Internet Security
2008-04-12 20:59:54 0 d-------- C:\Program Files\Symantec
2008-04-09 13:59:59 0 d-------- C:\Program Files\Common Files
2008-03-04 00:53:49 0 d-------- C:\Documents and Settings\Magliosis\Application Data\Adobe
2008-03-03 01:42:34 0 d-------- C:\Documents and Settings\Magliosis\Application Data\U3


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24E9519B-3F70-429B-99BC-4B2B49B96F66}]
04/12/2008 07:25 PM 36864 --a------ C:\WINDOWS\system32\wvUmnLbx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5FA39AED-DF41-493A-B57B-6342B442301A}]
04/12/2008 08:56 PM 272384 --a------ C:\WINDOWS\system32\rqRLffeD.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e28d1c-5a5d-4a7d-b307-2d8ab7d751ca}]
04/12/2008 09:06 PM 92736 --a------ C:\WINDOWS\system32\iphqxnix.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/22/2007 10:19 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/12/2004 01:23 AM]
"@"="" []
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [10/19/2005 09:59 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [10/19/2005 09:59 AM]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [11/19/2004 10:15 AM]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [10/22/2004 02:42 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [09/24/2005 01:08 AM]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [04/19/2007 02:21 PM]
"9473609b"="C:\WINDOWS\system32\jfbtuhsq.dll" [04/12/2008 09:02 PM]
"BM97405307"="C:\WINDOWS\system32\wdybylto.dll" [04/12/2008 08:58 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [06/18/2003 01:00 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservicesonce]
"Iomega CD-RW Setup"=D:\Iomega_CD-RW.exe

C:\Documents and Settings\Magliosis\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 10:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
CIBAEJC.lnk - C:\Program Files\Kingsoft\XdictEJC\xdict.exe [7/5/2005 4:38:13 PM]
DESKTOP.INI [9/3/2002 10:00:00 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [9/24/2005 1:28:44 AM]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [9/24/2005 2:39:30 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\WINDOWS\Web\desktop.html
FriendlyName= Security

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{24E9519B-3F70-429B-99BC-4B2B49B96F66}"= C:\WINDOWS\system32\wvUmnLbx.dll [04/12/2008 07:25 PM 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUmnLbx]
wvUmnLbx.dll 04/12/2008 07:25 PM 36864 C:\WINDOWS\SYSTEM32\wvUmnLbx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\rqRLffeD

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
C:\WINDOWS\System32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\Dell\Media Experience\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAHAgent]
C:\WINDOWS\System32\SahAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updater]
C:\Program Files\Common files\updater\wupdater.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ESPN BottomLine"=C:\Program Files\ESPN\BottomLine\bline.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c0a0416-a989-11db-b8a2-001195d58a09}]
AutoRun\command- F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c0a041e-a989-11db-b8a2-001195d58a09}]
AutoRun\command- E:\LaunchU3.exe -a

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-04-13 01:17:16 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.66GHz
Percentage of Memory in Use: 54%
Physical Memory (total/avail): 766 MiB / 347.73 MiB
Pagefile Memory (total/avail): 1108.63 MiB / 687.29 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1922.25 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.21 GiB total, 10.11 GiB free.
D: is CDROM (No Media)
E: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - WDC WD400BB-75FJA1 - 37.25 GiB - 2 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 37.21 GiB - C:

\\.\PHYSICALDRIVE1 - JetFlash TS1GJF150 USB Device - 972.69 MiB - 1 partition
\PARTITION0 - Unknown - 979.98 MiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
FW: Norton Internet Security 2006 v2006 (Symantec Corporation)
AV: Norton Internet Security 2006 v2006 (Symantec Corporation) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"="C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe:*:Enabled:VoipStunt"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Magliosis\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DJ8LJ251
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Magliosis
LOGONSERVER=\\DJ8LJ251
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\Roxio Central\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\MAGLIO~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\MAGLIO~1\LOCALS~1\Temp
USERDOMAIN=DJ8LJ251
USERNAME=Magliosis
USERPROFILE=C:\Documents and Settings\Magliosis
Veo_532_INF_PATH=C:\WINDOWS\INF\oem29.inf
Veo_532_INSTALL_DIR=C:\Program Files\Veo Connect\Driver
Veo_532_PNF_PATH=C:\WINDOWS\INF\oem29.pnf
Veo_532_PRODUCT_VER=1.3.0.0
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Magliosis (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Iomega CD-RW\Easy CD Creator 4\UNINST.ISU"
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> MsiExec.exe /I{26792CA7-D87A-4DBE-896B-C2F66B344511}
--> MsiExec.exe /I{7FD9FD10-9F7F-4DDF-B9F0-911209FF0CEA}
--> MsiExec.exe /I{EB748B9B-F872-4E95-98E8-5CA7E5425DAF}
--> MsiExec.exe /X{1359D6D8-B1F0-4335-AE79-49CD2AF8EA26}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Aare MP3 WAV Converter --> "C:\Program Files\AareMp3WavConverter\unins000.exe"
ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{4468EF97-A253-4699-9E1C-88CAE2C6832D}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat and Reader 6.0.3 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000603}
Adobe Download Manager 1.2 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Interactive Forms Update SP1 --> MsiExec.exe /I{AC76BA86-0000-F676-9FA0-000000000603}
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7646-A00000000001}
Adobe Reader Japanese Fonts --> MsiExec.exe /I{AC76BA86-7AD7-5A76-5A64-7E8A45000001}
AirPlus G --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{2B7E4354-0492-460A-BDB1-1F59EE141025} /l1033
ANIO Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
aspi --> MsiExec.exe /I{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}
Audacity 1.2.3 --> "C:\Program Files\Audacity\unins000.exe"
Broadcom Management Programs --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{89EE857B-8970-4F9F-AB58-A1C873AC72B3} /l1033
CC_ccProxyExt --> MsiExec.exe /I{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}
ccCommon --> MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}
CCHelp --> MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
ccPxyCore --> MsiExec.exe /I{30738666-9805-4926-A78F-91DA33B6C437}
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CIBA.net EJC --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6F55956-4A6B-40D4-9A40-8F323067ED78}\setup.exe"
Comcast High-Speed Internet Install Wizard --> C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
dBpowerAMP Music Converter --> "C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
Dell AIO Printer A940 --> C:\WINDOWS\System32\spool\drivers\w32x86\3\DLBAUN5C.EXE -dDell AIO Printer A940
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Support 5.0.0 (766) --> rundll32 C:\PROGRA~1\DELLSU~1\AUInst.dll,ExUninstall
Desktop Doctor --> MsiExec.exe /I{D87149B3-7A1D-4548-9CBF-032B791E5908}
DSS DJ 5.0 --> "C:\Program Files\MyXOFT\DSS DJ\unins000.exe"
DVDSentry --> MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
ESSAdpt --> MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
ESSANUP --> MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCAM --> MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSTUTOR --> MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
Free CD Ripper 3.1 --> "C:\Program Files\FreeCDRipper\unins000.exe"
Galaxy of Mahjongg 2 --> C:\PROGRA~1\eGames\GALAXY~1\UNWISE.EXE C:\PROGRA~1\eGames\GALAXY~1\INSTALL.LOG
HijackThis 1.99.1 --> C:\Documents and Settings\Magliosis\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe /uninstall
HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Cameras 6.0 --> C:\Program Files\HP\Digital Imaging\{5D61626A-BD55-4e42-82EE-4AE89D8FD050}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Solution Center and Imaging Support Tools 6.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Intel® 537EP V9x DF PCI Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
Internet Explorer Q903235 --> C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q903235.inf
Iq --> C:\WINDOWS\ST5UNST.EXE -n "C:\IQST5UNST.LOG"
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_3c0002_7cca4\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech Gaming Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C1DA723-24FC-48AD-93BA-925695C3EF26}\setup.exe" -l0x9 -removeonly
Microsoft Encarta Encyclopedia Standard 2004 --> MsiExec.exe /I{04410044-9149-45C6-A806-F2BF9CFCE762}
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Speech API 4.0 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\spchapi.inf, Uninstall
Microsoft Text-to-Speech Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTS.inf, Uninstall
Modem Event Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Network Play System (Patching) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
Norton AntiSpam --> MsiExec.exe /I{3B29A786-5803-4E9E-9B58-3014A5B4E519}
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485F-9E18-C5025306BB3F}
Norton AntiVirus 2006 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security --> MsiExec.exe /I{FFB4DD53-28B7-4981-BFF0-9BD801F61095}
Norton Internet Security 2006 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe" /X
Norton Protection Center --> MsiExec.exe /I{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
Norton WMI Update --> MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
Organic Art, Microsoft Edition --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Computer Artworks\Organic Art\MS\DeIsL1.isu"
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
PCDLNCH --> MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RAW FILE CONVERTER LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Roxio MyDVD Premier 8 --> MsiExec.exe /I{8F0A7DCB-D605-4890-B842-D5480F3B9232}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SFR --> MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
SFR2 --> MsiExec.exe /I{ABE068DF-8DC4-4947-ABFC-DD2B40850225}
Shockwave --> C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~1\Install.log
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.4 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Veo Connect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{099B096F-A916-4ECE-8EF2-A6E5F7C4D113}\setup.exe" -l0x9
Veo Creative Studio - Connect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02C9511F-19C3-47C7-9383-FCF008E813A0}\Setup.exe" -l0x9
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VoipStunt --> "C:\Program Files\VoipStunt.com\VoipStunt\unins000.exe"
Weather Services --> C:\WINDOWS\system32\control.exe C:\PROGRA~1\THEWEA~1\FRAMEW~1\wxfw.cpl,4
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
WordPerfect Office 11 --> MsiExec.exe /I{54F90B55-BEB3-4F0D-8802-228822FA5921}
Yahoo! Address AutoComplete --> C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\yaddbook.dll
Yahoo! Anti-Spy --> C:\PROGRA~1\Yahoo!\Common\unypsr.exe
Yahoo! Internet Mail --> C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Photos Easy Upload Tool 1v6 --> C:\WINDOWS\System32\regsvr32 /u /s "C:\WINDOWS\Downloaded Program Files\YDropper.dll"


-- Application Event Log -------------------------------------------------------

Event Record #/Type72743 / Warning
Event Submitted/Written: 04/13/2008 00:00:26 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type72741 / Error
Event Submitted/Written: 04/12/2008 11:29:27 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

Event Record #/Type72711 / Warning
Event Submitted/Written: 04/12/2008 10:45:07 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type72635 / Error
Event Submitted/Written: 04/12/2008 08:35:15 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application acrord32.exe, version 6.0.2.126, faulting module unknown, version 0.0.0.0, fault address 0x24003883.
Processing media-specific event for [acrord32.exe!ws!]

Event Record #/Type72631 / Error
Event Submitted/Written: 04/12/2008 02:51:54 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application acrord32.exe, version 6.0.2.126, faulting module acrord32.exe, version 6.0.2.126, fault address 0x001492f3.
Processing media-specific event for [acrord32.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type441491 / Error
Event Submitted/Written: 04/13/2008 00:50:20 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Roxio Hard Drive Watcher service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type441490 / Error
Event Submitted/Written: 04/13/2008 00:38:11 AM
Event ID/Source: 9 / atapi
Event Description:
The device, \Device\Ide\IdePort1, did not respond within the timeout period.

Event Record #/Type441473 / Error
Event Submitted/Written: 04/13/2008 00:03:28 AM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Event Record #/Type441472 / Error
Event Submitted/Written: 04/13/2008 00:03:28 AM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Event Record #/Type441451 / Error
Event Submitted/Written: 04/13/2008 00:03:10 AM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.



-- End of Deckard's System Scanner: finished at 2008-04-13 01:17:16 ------------

Logfile of HijackThis v1.99.1
Scan saved at 1:35:23 AM, on 4/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\AntiSpyWare\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [9473609b] rundll32.exe "C:\WINDOWS\system32\jfbtuhsq.dll",b
O4 - HKLM\..\Run: [BM97405307] Rundll32.exe "C:\WINDOWS\system32\wdybylto.dll",s
O4 - HKLM\..\RunServicesOnce: [Iomega CD-RW Setup] D:\Iomega_CD-RW.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: CIBAEJC.lnk = C:\Program Files\Kingsoft\XdictEJC\xdict.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Joyo - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - C:\WINDOWS\System32\IEPlugin.dll (file missing)
O9 - Extra button: ZDNet - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\WINDOWS\System32\IEPlugin.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Magliosis\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1116123525937
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_6us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - Unknown owner - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe" /service /P ddoctorv2 (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

BC AdBot (Login to Remove)

 


#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:02:26 PM

Posted 13 April 2008 - 04:31 AM

Hello there and welcome to Bleeping Computer's security forum. :thumbsup:
My name is David, I will be helping you with your log today.

It is a good idea to print off these instructions. There is a possibility some of the instructions will need to be carried out where internet access is not available. It is important that you complete the instructions in the right order, and that you don't miss out any steps.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

O2 - BHO: (no name) - {24E9519B-3F70-429B-99BC-4B2B49B96F66} - C:\WINDOWS\SYSTEM32\wvUmnLbx.dll
O2 - BHO: (no name) - {5FA39AED-DF41-493A-B57B-6342B442301A} - C:\WINDOWS\SYSTEM32\rqRLffeD.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {ac157d7b-a8d2-703b-d7a4-d5a5c1d82e2b} - {b2e28d1c-5a5d-4a7d-b307-2d8ab7d751ca} - C:\WINDOWS\SYSTEM32\iphqxnix.dll
O4 - HKLM\..\Run: [9473609b] rundll32.exe "C:\WINDOWS\system32\jfbtuhsq.dll",b
O4 - HKLM\..\Run: [BM97405307] Rundll32.exe "C:\WINDOWS\system32\wdybylto.dll",s
O9 - Extra button: Joyo - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - C:\WINDOWS\System32\IEPlugin.dll (file missing)
O9 - Extra button: ZDNet - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\WINDOWS\System32\IEPlugin.dll (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Magliosis\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O20 - Winlogon Notify: wvUmnLbx - C:\WINDOWS\system32\wvUmnLbx.dll
O24 - Desktop Component 0: Security - C:\WINDOWS\Web\desktop.html

Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Download KillBox from the following link :
http://www.bleepingcomputer.com/files/killbox.php
Unzip the folder to your desktop.

Start Killbox.exe
Select the "Delete on Reboot" option.
Click on the "All Files" button (!important!),which will then flash green.
Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C:

C:\WINDOWS\Web\desktop.html
C:\WINDOWS\system32\iphqxnix.dll
C:\WINDOWS\system32\jfbtuhsq.dll
C:\WINDOWS\system32\beiknvnq.dll
C:\WINDOWS\system32\wdybylto.dll
C:\WINDOWS\system32\DeffLRqr.ini2
C:\WINDOWS\system32\rqRLffeD.dll
C:\WINDOWS\system32\mlJYrooN.dll
C:\WINDOWS\system32\bharebio01
C:\WINDOWS\system32\wvUmnLbx.dll


Open 'file' in the killboxmenu on top and choose Paste from clipboard
You must use the file File menu--pasting by right-clicking the mouse will only enter one file.
Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to Reboot now, click "yes".
Click OK at any Pending File Rename Operations prompt, let me know if there appear.
If you don't get that message, reboot manually.
Your computer should reboot now.

I want you to clean your cache and cookies from your internet explorer.
There are a few infected files which need to be removed from your system.

Close all instances of Internet Explorer .
Go to your control panel and open "Internet Options".
Click on the "General" tab.
Click the "Delete Cookies" button, then the "Delete Files" button.
If prompted, place a tick in the "Delete all offline content" box and click OK.

Also, please clean other Temporary files and Empty the Recycle Bin

Go to start and click on the "run" button.
Type the following in the box --> cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure only Temporary Files, Temporary Internet Files, and Recycle Bin are checked.
Press OK to remove them.

Please open notepad and and copy and paste next bold in it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAHAgent]

Save this as "fix.reg" Choose to save as *all files and place it on your desktop.
It should look like this: Posted Image
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

Please download Combofix to your desktop.
Doubleclick combofix.exe to launch the application.

Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.

#3 hammersmashedcomputr

hammersmashedcomputr
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:26 AM

Posted 13 April 2008 - 04:28 PM

Thank you David for your help thus far.

i followed the directions as stated.

from my HiJackThis run, six items were no longer present; the remainder were checked off and fixed. here are the six that were not present [according to HJT]:

O2 - BHO: (no name) - {24E9519B-3F70-429B-99BC-4B2B49B96F66} - C:\WINDOWS\SYSTEM32\wvUmnLbx.dll
O2 - BHO: (no name) - {5FA39AED-DF41-493A-B57B-6342B442301A} - C:\WINDOWS\SYSTEM32\rqRLffeD.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {ac157d7b-a8d2-703b-d7a4-d5a5c1d82e2b} - {b2e28d1c-5a5d-4a7d-b307-2d8ab7d751ca} - C:\WINDOWS\SYSTEM32\iphqxnix.dll
O20 - Winlogon Notify: wvUmnLbx - C:\WINDOWS\system32\wvUmnLbx.dll
O24 - Desktop Component 0: Security - C:\WINDOWS\Web\desktop.html

When Killbox completed its run, the following prompt appeared [verbatim]:

"PendingFileRenameOperations Registry Data has been Removed by External Process!"

below is the Combofix log...

ComboFix 08-04-13.1 - Magliosis 2008-04-13 16:52:25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.372 [GMT -4:00]
Running from: C:\Documents and Settings\Magliosis\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Magliosis\Application Data\macromedia\Flash Player\#SharedObjects\3W3369J8\www.inter-focus.cn
C:\Documents and Settings\Magliosis\Application Data\macromedia\Flash Player\#SharedObjects\3W3369J8\www.inter-focus.cn\IFFLASHAD_PLAYER.sol
C:\Documents and Settings\Magliosis\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn
C:\Documents and Settings\Magliosis\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn\settings.sol
C:\WINDOWS\pskt.ini
C:\WINDOWS\SYSTEM32\DeffLRqr.ini
C:\WINDOWS\SYSTEM32\DeffLRqr.ini2
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\iphqxnix.dll
C:\WINDOWS\system32\jfbtuhsq.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlJYrooN.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\SYSTEM32\qshutbfj.ini
C:\WINDOWS\system32\rqRLffeD.dll
C:\WINDOWS\system32\wdybylto.dll
C:\WINDOWS\system32\wnsinttr.exe
C:\WINDOWS\system32\wvUmnLbx.dll
C:\WINDOWS\winhelp.ini

.
((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.

2008-04-13 00:54 . 2008-04-13 00:54 <DIR> d-------- C:\Deckard
2008-04-12 20:59 . 2008-04-12 20:59 3,648 --a------ C:\WINDOWS\SYSTEM32\beiknvnq.dll
2008-04-12 20:58 . 2008-04-12 20:58 0 --a------ C:\WINDOWS\BM97405307.xml
2008-04-12 19:25 . 2008-04-12 19:28 <DIR> d-------- C:\WINDOWS\SYSTEM32\bharebio01
2008-04-12 19:25 . 2008-04-12 19:25 <DIR> d-------- C:\TEMP\wdlw14
2008-04-09 14:05 . 2008-04-09 14:05 <DIR> d-------- C:\Program Files\Comcast
2008-04-09 14:05 . 2008-04-09 14:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-04-09 14:05 . 2007-05-17 17:43 15,086 --a------ C:\WINDOWS\ComcastWebmail.ico
2008-04-09 14:00 . 2008-04-09 14:00 <DIR> d-------- C:\Program Files\support.com
2008-04-09 14:00 . 2008-04-09 14:00 1,421 --a------ C:\net_save.dna
2008-04-09 13:59 . 2008-04-09 13:59 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2008-03-29 21:01 . 2008-04-03 22:14 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-03-22 13:57 . 2008-04-12 16:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-22 13:57 . 2008-03-22 13:57 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 20:53 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-13 04:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-13 03:36 --------- d-----w C:\Program Files\Norton Internet Security
2008-04-13 00:59 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-13 00:59 60,800 ----a-w C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
2008-04-13 00:59 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-13 00:59 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-13 00:59 --------- d-----w C:\Program Files\Symantec
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-03-03 05:42 --------- d-----w C:\Documents and Settings\Magliosis\Application Data\U3
2008-03-01 22:36 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\SYSTEM32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-03-27 07:13 85,624 ----a-w C:\Documents and Settings\Magliosis\Application Data\GDIPFONTCACHEV1.DAT
2005-09-24 05:49 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll
2005-06-20 13:35 560 -c--a-w C:\Program Files\Global.sw
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 13:00 200704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19 52840]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-06-12 01:23 77824]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 09:59 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 09:59 126976]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2004-11-19 10:15 1216512]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-10-22 14:42 45056]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 01:08 49152]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2007-04-19 14:21 198184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
"Iomega CD-RW Setup"="D:\Iomega_CD-RW.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
CIBAEJC.lnk - C:\Program Files\Kingsoft\XdictEJC\xdict.exe [2005-07-05 16:38:13 647168]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-09-24 01:28:44 282624]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 02:39:30 73728]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\WINDOWS\Web\desktop.html
FriendlyName= Security

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUmnLbx]
wvUmnLbx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
--a--c--- 2003-08-13 11:27 28672 C:\WINDOWS\System32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
--a--c--- 2003-09-03 21:12 221184 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2003-08-26 20:47 204800 C:\Program Files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAHAgent]
C:\WINDOWS\System32\SahAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updater]
C:\Program Files\Common files\updater\wupdater.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ESPN BottomLine"=C:\Program Files\ESPN\BottomLine\bline.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S3 DCamUSBVeo532;Veo Stingray/Connect Web Camera;C:\WINDOWS\system32\Drivers\ubVeo532.sys [2002-07-01 19:30]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c0a0416-a989-11db-b8a2-001195d58a09}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c0a041e-a989-11db-b8a2-001195d58a09}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-03 09:22:03 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Magliosis.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
"2008-04-13 21:16:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 17:09:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\SYSTEM32\DRIVERS\KodakCCS.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\SYSTEM32\ScsiAccess.EXE
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\SYSTEM32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
.
**************************************************************************
.
Completion time: 2008-04-13 17:17:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-13 21:17:12
Pre-Run: 10,784,829,440 bytes free
Post-Run: 10,698,379,264 bytes free
.
2008-04-09 04:22:09 --- E O F ---

#4 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:02:26 PM

Posted 15 April 2008 - 11:18 AM

First things first, we need to install the recovery console onto your system; it's an important security and safety feature which you really do need to have installed. You can install the recovery console regardless of whether or not you have the XP cd that came with the operating system - I recommend you download the recovery console installation file from the internet, it's only about 4mb in size, so it shouldn't take too long to download.

Go to Microsoft's website => http://support.microsoft.com/kb/310994
At that page, scroll down and click on the appropriate download for your version of Windows XP (Home or Professional) and the service pack level that you have installed. When you click on the link to download the file, make sure you save it directly to your desktop.

If you are unsure what version of Windows you have and what Service Pack is installed, you can follow these instructions to gain that information:

1) Click on the Start button.
2) Click on the Run menu option.
3) In the Open: field type the following: sysdm.cpl and then click on the OK button.
4) A screen will appear showing information about your installation.
Under the System: category you should see your Windows version and the installed Service Pack.

Once the Microsoft file has finished downloading, close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. This is shown in the following image:
Posted Image
Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users