Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijackthis Log


  • This topic is locked This topic is locked
3 replies to this topic

#1 MVLDO

MVLDO

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:31 PM

Posted 28 April 2008 - 08:19 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:10 PM, on 4/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\WinFax\WFXMOD32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Napster\napster.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPhoneRingToneMaker\iPhoneRingToneMaker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: VideoData - {15977918-3A04-4982-8E45-EDC618371EBE} - C:\windows\konsarad.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-776561741-1343024091-105217331-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'GuestUser')
O4 - HKUS\S-1-5-21-776561741-1343024091-105217331-1004\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'GuestUser')
O4 - HKUS\S-1-5-21-776561741-1343024091-105217331-1004\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'GuestUser')
O4 - Startup: iPhoneRingToneMaker.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202968128658
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202972338338
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\windows\system32\YPCSER~1.EXE

--
End of file - 10503 bytes

BC AdBot (Login to Remove)

 


#2 MVLDO

MVLDO
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:31 PM

Posted 29 April 2008 - 07:47 AM

I keep getting a pop up window saying my computer is infected with a dangerouse virus and prompts me to download removal software. Here is my HijackThis log

Deckard's System Scanner v20071014.68
Run by mvigil on 2008-04-29 07:19:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
78: 2008-04-29 12:19:34 UTC - RP183 - Deckard's System Scanner Restore Point
77: 2008-04-29 03:47:06 UTC - RP182 - System Checkpoint
76: 2008-04-27 19:53:04 UTC - RP181 - System Checkpoint
75: 2008-04-26 19:23:56 UTC - RP180 - System Checkpoint
74: 2008-04-25 18:57:47 UTC - RP179 - System Checkpoint


-- First Restore Point --
1: 2008-02-14 08:20:10 UTC - RP106 - Installed Windows XP KB917344.


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 4.08 GiB (less than 15%) free.


-- HijackThis (run as mvigil.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:21:36 AM, on 4/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\WinFax\WFXMOD32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Napster\napster.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\iPhoneRingToneMaker\iPhoneRingToneMaker.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Documents and Settings\mvigil\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\mvigil.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: VideoData - {15977918-3A04-4982-8E45-EDC618371EBE} - C:\windows\konsarad.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: iPhoneRingToneMaker.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202968128658
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202972338338
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\windows\system32\YPCSER~1.EXE

--
End of file - 9925 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.6.0.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.6.0.0>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
R2 wfxsvc (WinFax PRO) - c:\windows\system32\wfxsvc.exe <Not Verified; Symantec Corporation; Symantec WinFax PRO>
R2 WLANKEEPER (Intel® PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSO Service>

S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-28 20:00:26 594 --a------ C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - mvigil.job
2008-04-27 18:35:49 410 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job


-- Files created between 2008-03-29 and 2008-04-29 -----------------------------

2008-04-28 19:33:56 0 d-------- C:\Program Files\Trend Micro
2008-04-28 08:24:55 0 d-------- C:\WINDOWS\pss
2008-04-27 13:56:38 218112 --a------ C:\WINDOWS\konsarad.dll
2008-04-27 13:56:36 49 --a------ C:\smp.bat
2008-04-24 22:41:25 0 d-------- C:\Documents and Settings\GuestUser\Application Data\U3
2008-04-20 18:06:34 0 d-------- C:\Program Files\ITTerritory
2008-04-20 15:17:28 0 d-------- C:\Program Files\Wide Angle Software
2008-04-20 15:09:15 0 d-------- C:\WINDOWS\system32\Adobe
2008-04-20 01:00:25 0 d-------- C:\Documents and Settings\mvigil\dwhelper
2008-04-19 22:34:26 0 d-------- C:\Program Files\Western Digital Technologies
2008-04-17 06:03:28 0 d-------- C:\Documents and Settings\GuestUser\Application Data\Sun
2008-04-16 14:26:06 0 d-------- C:\Documents and Settings\mvigil\Application Data\vlc
2008-04-16 14:03:21 0 d-------- C:\Program Files\VideoLAN
2008-04-16 10:40:10 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trymedia
2008-04-16 10:39:59 0 d-------- C:\Documents and Settings\mvigil\Application Data\iWin
2008-04-16 01:32:00 0 d-------- C:\Documents and Settings\GuestUser\Application Data\Talkback
2008-04-16 01:31:44 0 d-------- C:\Documents and Settings\GuestUser\Application Data\Mozilla
2008-04-13 12:56:43 0 d-------- C:\Program Files\AviSynth 2.5
2008-04-13 12:56:34 0 d-------- C:\Program Files\Video Converter 3
2008-04-12 23:02:19 0 d-------- C:\Program Files\Magic MP3 Tagger
2008-04-12 22:38:35 0 d-------- C:\Documents and Settings\mvigil\Application Data\Mp3tag
2008-04-12 22:38:22 0 d-------- C:\Program Files\Mp3tag
2008-04-12 21:28:10 0 d-------- C:\WINDOWS\Applian FLV Player
2008-04-12 21:28:10 0 d-------- C:\Program Files\FLV Player
2008-04-12 21:17:52 135168 --a------ C:\WINDOWS\system32\DSKernel2.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS Multimedia Filter Pack>
2008-04-12 21:17:39 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-04-12 21:16:58 0 d-------- C:\Program Files\Replay Converter
2008-04-12 21:13:53 0 d-------- C:\Documents and Settings\mvigil\Application Data\GetRightToGo
2008-04-12 15:52:41 0 d-------- C:\Documents and Settings\GuestUser\Contacts
2008-04-11 20:24:56 0 d-------- C:\Documents and Settings\GuestUser\Application Data\Macromedia
2008-04-11 20:23:42 0 d-------- C:\Documents and Settings\GuestUser\Application Data\Adobe
2008-04-11 20:17:42 0 d-------- C:\Documents and Settings\GuestUser\Application Data\Yahoo!
2008-04-11 20:13:53 0 d-------- C:\Documents and Settings\GuestUser\Application Data\Identities
2008-04-11 20:13:33 0 d--h----- C:\Documents and Settings\GuestUser\Templates
2008-04-11 20:13:33 0 dr------- C:\Documents and Settings\GuestUser\Start Menu
2008-04-11 20:13:33 0 dr-h----- C:\Documents and Settings\GuestUser\SendTo
2008-04-11 20:13:33 0 dr-h----- C:\Documents and Settings\GuestUser\Recent
2008-04-11 20:13:33 0 d--h----- C:\Documents and Settings\GuestUser\PrintHood
2008-04-11 20:13:33 0 d--h----- C:\Documents and Settings\GuestUser\NetHood
2008-04-11 20:13:33 0 dr------- C:\Documents and Settings\GuestUser\My Documents
2008-04-11 20:13:33 0 d--h----- C:\Documents and Settings\GuestUser\Local Settings
2008-04-11 20:13:33 0 dr------- C:\Documents and Settings\GuestUser\Favorites
2008-04-11 20:13:33 0 d-------- C:\Documents and Settings\GuestUser\Desktop
2008-04-11 20:13:33 0 d--hs---- C:\Documents and Settings\GuestUser\Cookies
2008-04-11 20:13:33 0 dr-h----- C:\Documents and Settings\GuestUser\Application Data
2008-04-11 20:13:33 0 d---s---- C:\Documents and Settings\GuestUser\Application Data\Microsoft
2008-04-11 20:13:33 0 d-------- C:\Documents and Settings\GuestUser\Application Data\Intel
2008-04-11 20:13:33 0 d-------- C:\Documents and Settings\GuestUser\Application Data\Apple Computer
2008-04-11 20:13:32 1835008 --ah----- C:\Documents and Settings\GuestUser\NTUSER.DAT
2008-04-10 12:00:03 0 d-------- C:\Documents and Settings\mvigil\Application Data\Help
2008-04-10 09:42:17 0 d-------- C:\Documents and Settings\mvigil\Application Data\Symantec
2008-04-10 09:40:36 37888 --a------ C:\WINDOWS\system32\DCCWFP32.DLL
2008-04-10 09:40:36 144384 --a------ C:\WINDOWS\system32\DCCMSP32.DLL <Not Verified; Symantec Corporation; Symantec WinFax PRO>
2008-04-10 09:40:36 104960 --a------ C:\WINDOWS\system32\DCCEXT32.DLL <Not Verified; Symantec Corporation; Symantec WinFax PRO>
2008-04-10 09:40:35 129536 --a------ C:\WINDOWS\system32\WFXSVC.EXE <Not Verified; Symantec Corporation; Symantec WinFax PRO>
2008-04-10 09:40:35 43008 --a------ C:\WINDOWS\system32\WFXSNT40.EXE <Not Verified; Microsoft Corporation; Microsoft ® Windows NT™ WinFax Printer Driver>
2008-04-10 09:40:35 132608 --a------ C:\WINDOWS\system32\WFXMNTHQ.DLL <Not Verified; Microsoft Corporation; Microsoft ® Windows NT™ WinFax Printer Driver>
2008-04-10 09:40:34 131072 --a------ C:\WINDOWS\system32\WFXMNT40.DLL <Not Verified; Microsoft Corporation; Microsoft ® Windows NT™ WinFax Printer Driver>
2008-04-10 09:40:33 229888 --a------ C:\WINDOWS\system32\Crpaig32.dll <Not Verified; Seagate Software, Information Management Group, Inc.; Crystal Reports Pro For Windows>
2008-04-10 09:40:32 17920 --a------ C:\WINDOWS\system32\IMPLODE.DLL
2008-04-10 09:40:32 5350912 --a------ C:\WINDOWS\system32\Crpe32.dll <Not Verified; Seagate Software, Inc.; Seagate Crystal Reports>
2008-04-10 09:40:21 41 --a------ C:\WINDOWS\WFXDEL.BAT
2008-04-10 09:40:21 0 d-------- C:\Program Files\Common Files\Novell Shared
2008-04-10 09:40:15 0 d-------- C:\Program Files\WinFax
2008-04-10 09:36:08 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-04-08 23:15:58 0 d-------- C:\WINDOWS\system32\appmgmt
2008-04-03 02:58:38 0 d-------- C:\Program Files\iLiberty
2008-04-03 00:31:39 664 --a------ C:\WINDOWS\system32\d3d9caps.dat


-- Find3M Report ---------------------------------------------------------------

2008-04-29 07:22:50 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-29 06:58:32 0 d-------- C:\Documents and Settings\mvigil\Application Data\iPhoneRingToneMaker
2008-04-27 18:00:04 0 d-------- C:\Program Files\Norton Security Scan
2008-04-20 01:36:44 0 d-------- C:\Documents and Settings\mvigil\Application Data\LimeWire
2008-04-13 16:15:41 2941 --a------ C:\WINDOWS\mozver.dat
2008-04-10 22:14:50 0 d-------- C:\Documents and Settings\mvigil\Application Data\Apple Computer
2008-04-10 09:40:21 0 d-------- C:\Program Files\Common Files
2008-03-29 00:09:20 0 d-------- C:\Documents and Settings\mvigil\Application Data\Yahoo!
2008-03-28 21:59:23 18164 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-03-27 08:54:03 17536 --a------ C:\Documents and Settings\mvigil\Application Data\GDIPFONTCACHEV1.DAT
2008-03-26 18:28:40 0 d-------- C:\Program Files\Windows Live
2008-03-26 18:25:02 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-23 18:34:13 0 d-------- C:\Program Files\Real
2008-03-22 21:26:18 0 d-------- C:\Program Files\Napster
2008-03-16 10:33:13 0 d-------- C:\Documents and Settings\mvigil\Application Data\GameHouse
2008-03-16 10:33:11 0 d-------- C:\Program Files\GameHouse
2008-03-13 22:20:28 0 d-------- C:\Program Files\mp3Tag 5
2008-03-10 23:35:49 0 d-------- C:\Program Files\Symantec
2008-03-10 00:32:52 0 d-------- C:\Documents and Settings\mvigil\Application Data\Uniblue
2008-03-09 22:01:22 0 d-------- C:\Program Files\iPhoneRingToneMaker
2008-03-09 21:41:39 0 d-------- C:\Documents and Settings\mvigil\Application Data\Adobe
2008-03-09 21:39:07 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-09 21:33:19 0 d-------- C:\Documents and Settings\mvigil\Application Data\Bullzip
2008-03-09 21:29:46 0 d-------- C:\Program Files\Bullzip
2008-03-07 23:59:54 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-07 23:54:53 0 d-------- C:\Program Files\Microsoft Games
2008-03-07 23:39:34 0 d-------- C:\Documents and Settings\mvigil\Application Data\Sun
2008-03-06 22:26:56 0 d-------- C:\Program Files\ZiPhone
2008-03-02 11:16:43 0 d-------- C:\Documents and Settings\mvigil\Application Data\acccore
2008-03-02 11:16:13 0 d-------- C:\Program Files\AIM6
2008-03-02 11:15:52 0 d-------- C:\Program Files\Viewpoint
2008-03-02 11:15:05 0 d-------- C:\Program Files\Common Files\AOL
2008-03-02 08:57:41 0 d-------- C:\Program Files\MSXML 6.0
2008-03-02 00:56:13 0 d-------- C:\Documents and Settings\mvigil\Application Data\MSN6
2008-03-02 00:15:03 0 d-------- C:\Program Files\Java
2008-03-02 00:11:30 0 d-------- C:\Program Files\LimeWire
2008-03-01 00:56:38 0 d-------- C:\Program Files\iTunes
2008-03-01 00:56:05 0 d-------- C:\Program Files\iPod
2008-03-01 00:27:13 0 d-------- C:\Documents and Settings\mvigil\Application Data\Intel
2008-03-01 00:24:42 0 d-------- C:\Program Files\Intel
2008-02-14 08:51:40 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-13 23:17:59 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-02-13 16:05:25 62 --ahs---- C:\Documents and Settings\mvigil\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15977918-3A04-4982-8E45-EDC618371EBE}]
04/27/2008 01:56 PM 218112 --a------ C:\windows\konsarad.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [11/10/2005 10:05 PM]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [12/10/2007 03:35 PM]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [10/26/2007 04:42 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 12:59 AM]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [01/14/2007 02:11 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/01/2008 12:13 AM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [02/21/2007 12:19 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [02/21/2007 12:17 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"WinFaxAppPortStarter"="wfxsnt40.exe" [09/28/2000 11:58 PM C:\windows\system32\WFXSNT40.EXE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]

C:\Documents and Settings\mvigil\Start Menu\Programs\Startup\
iPhoneRingToneMaker.lnk - C:\Program Files\iPhoneRingToneMaker\iPhoneRingToneMaker.exe [2/4/2008 4:43:30 PM]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/12/2001 8:01:04 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= C:\Program Files\WinFax\WfxSeh32.Dll [07/27/1998 04:54 AM 38400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]


*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-04-29 07:23:42 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1400MHz
Percentage of Memory in Use: 63%
Physical Memory (total/avail): 511.23 MiB / 188.15 MiB
Pagefile Memory (total/avail): 1249.92 MiB / 801.61 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.69 MiB

C: is Fixed (NTFS) - 37.26 GiB total, 4.08 GiB free.
D: is CDROM (No Media)
E: is Removable (FAT)

\\.\PHYSICALDRIVE0 - ST94811A - 37.26 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:

\\.\PHYSICALDRIVE1 - Generic STORAGE DEVICE USB Device - 964.84 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 968.72 MiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: Norton Security Online v2007 (Symantec Corporation)
AV: Norton Security Online v2007 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\##$$\\ASMonitor.exe"="C:\\Program Files\\##$$\\ASMonitor.exe:*:Enabled:System"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\mvigil\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TX11139551
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\mvigil
LOGONSERVER=\\TX11139551
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 9 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0905
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\mvigil\LOCALS~1\Temp
TMP=C:\DOCUME~1\mvigil\LOCALS~1\Temp
USERDOMAIN=TX11139551
USERNAME=mvigil
USERPROFILE=C:\Documents and Settings\mvigil
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

mvigil (admin)
GuestUser
Administrator.TX11139551 (new local, admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Age of Empires III - The Asian Dynasties Trial --> C:\Program Files\InstallShield Installation Information\{63415CB1-3C97-4D9C-980D-336710EB0526}\setup.exe -runfromtemp -l0x0409
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Applian FLV Player --> "C:\WINDOWS\Applian FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
AT&T Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom Gigabit Integrated Controller --> MsiExec.exe /X{7E369B27-13E2-41A5-9879-358EE1C8B5AD}
Bullzip PDF Printer 4.0.0.549 --> "C:\Program Files\Bullzip\PDF Printer\unins000.exe"
Burger Shop --> C:\PROGRA~1\GAMEHO~1\BURGER~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\BURGER~1\INSTALL.LOG
C-Major Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Conexant D480 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
GPL Ghostscript Lite 8.61 --> "C:\Program Files\Bullzip\PDF Printer\gs\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iLiberty+ 1.2.0 Build 65 --> "C:\Program Files\iLiberty\unins000.exe"
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
iPhoneRingToneMaker 2.1.3 --> C:\Program Files\iPhoneRingToneMaker\uninst.exe
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Legend - Legacy Of The Dragons (with media and plugins), versio --> "C:\Program Files\ITTerritory\DragonsEn\unins000.exe"
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Magic MP3 Tagger 2.2.4d --> "C:\Program Files\Magic MP3 Tagger\unins000.exe"
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Monopoly Here & Now Edition --> C:\PROGRA~1\GAMEHO~1\MONOPO~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\MONOPO~1\INSTALL.LOG
Mozilla Firefox (2.0.0.14) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
mp3Tag 5.9 --> "C:\Program Files\mp3Tag 5\unins000.exe"
Mp3tag v2.40 --> C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg --> MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Napster --> C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe -runfromtemp -l0x0009 -removeonly
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
Norton Security Scan --> MsiExec.exe /I{48B82226-75E3-4E90-92CC-D30F79EA6380}
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Replay Converter 2.8 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Replay Converter\iruninRCV.ini"
Rhapsody Player Engine --> MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Symantec WinFax PRO 10.01 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WinFax\WFXUNIST.ISU" -c"C:\Program Files\WinFax\UNINSTUB.DLL"
Total Commander (Remove or Repair) --> c:\totalcmd\tcuninst.exe
TouchCopy --> MsiExec.exe /I{EA4C59C8-1D2A-4EF1-8911-DB7E1F619F3E}
VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Videora iPod Converter 3.07 --> C:\Program Files\Video Converter 3\uninstaller.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Wheel of Fortune 2 --> C:\PROGRA~1\GAMEHO~1\WHEELO~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\WHEELO~1\INSTALL.LOG
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type2785 / Error
Event Submitted/Written: 04/29/2008 07:22:33 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type2784 / Error
Event Submitted/Written: 04/29/2008 07:22:33 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type2783 / Error
Event Submitted/Written: 04/29/2008 07:22:32 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type2714 / Warning
Event Submitted/Written: 04/28/2008 08:39:25 AM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
Information Level: warning

Automatic LiveUpdate produced an unexpected exit code: -1073741502; advancing schedule...

Event Record #/Type2626 / Success
Event Submitted/Written: 04/26/2008 06:12:45 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type5297 / Warning
Event Submitted/Written: 04/28/2008 10:23:14 PM / 04/28/2008 10:23:42 PM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom 570x Gigabit Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type5292 / Warning
Event Submitted/Written: 04/28/2008 10:10:51 PM
Event ID/Source: 240 / Win32k
Event Description:
A request to suspend power was denied by winlogon.exe.

Event Record #/Type5264 / Warning
Event Submitted/Written: 04/28/2008 09:57:21 PM / 04/28/2008 09:57:49 PM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom 570x Gigabit Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type5217 / Warning
Event Submitted/Written: 04/28/2008 08:42:06 AM / 04/28/2008 08:42:33 AM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom 570x Gigabit Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type5186 / Error
Event Submitted/Written: 04/28/2008 08:34:37 AM
Event ID/Source: 19 / Print
Event Description:
Sharing printer failed + 1722, Printer WinFax (Photo Quality) share name Printer.



-- End of Deckard's System Scanner: finished at 2008-04-29 07:23:42 ------------

#3 pskelley

pskelley

  • Members
  • 1,487 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:31 PM

Posted 03 May 2008 - 08:54 AM

Welcoming to Bleeping Computer, please be sure you have read and followed the
Preparation Guide For Use Before Posting A Hijackthis Log, Instructions for receiving help in cleaning your computer http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
All advice given is taken at your own risk.

Since you missed some directions posted above and pinned to the top of the forum, go ahead and read those first.

If you still need help, you have a marker in your log for this:
http://www.castlecops.com/tk44611-VideoData.html
Smitfraud is usually hidden, so if you still need help, we will look for the infection:

http://siri.geekstogo.com/SmitfraudFix.php <<< download Smitfraudfix from here and follow ONLY these directions.

Search:
Double-click SmitfraudFix.exe
Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Post the C:\rapport.txt using Add Reply.

If you have resolved your isssue, post to let me know so I can close your topic.

Thanks

Since this is how the infections usually gets on a computer, you may want to view this information:
http://forums.spybot.info/showthread.php?t=7344

System Drive C: has 4.08 GiB (less than 15%) free. <<< this is a problem, would you do this:
Click MyComputer > Right click Local Disk (C: ) > Choose Properties > Tell me how much free space you have on Drive C.
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006

#4 pskelley

pskelley

  • Members
  • 1,487 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:31 PM

Posted 10 May 2008 - 06:29 AM

There has been no response to this topic in a week
This topic is closed

Thanks...pskelley
BleepingComputer
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users