

Unknown Infection - Help?


This topic is locked
8 replies to this topic

#1 KarlZ2 (Members, 4 posts)

Posted 09 May 2008 - 10:52 AM

My computer has been running really slowly. I tried running Spybot a couple times, but that didn't fix the problem.

main.txt
Deckard's System Scanner v20071014.68
Run by Karl Zipple on 2008-05-09 10:20:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
82: 2008-05-09 15:08:15 UTC - RP282 - Deckard's System Scanner Restore Point
81: 2008-05-09 15:03:28 UTC - RP281 - Spybot-S&D Spyware removal
80: 2008-05-09 04:21:17 UTC - RP280 - Spybot-S&D Spyware removal
79: 2008-05-09 04:19:33 UTC - RP279 - Spybot-S&D Spyware removal
78: 2008-05-09 03:45:13 UTC - RP278 - Spybot-S&D Spyware removal


-- First Restore Point --
1: 2008-02-10 02:48:54 UTC - RP201 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Karl Zipple.exe) -----------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-09 10:39:09
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\scardsvr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Program Files\PharosSystems\Core\CTskMstr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\alg.exe
C:\Documents and Settings\Karl Zipple\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=3070430
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\Program Files\PharosSystems\Core\CTskMstr.exe
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\system32\WLTRYSVC.EXE


--
End of file - 6465 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\KARLZI~1\Desktop\LAPTOP~1\HIJACK~1\backups\) --------------------------------------------------------------------------------

backup-20061116-203709-226 O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
backup-20061116-203714-337 O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
backup-20061116-203714-338 O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
backup-20061116-203714-899 O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
backup-20061116-203715-684 O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
backup-20061116-203715-881 O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
backup-20061118-113800-313 O4 - Startup: Skyscape smARTupdate.lnk = C:\Program Files\Common Files\Skyscape\smARTupdate.exe
backup-20061118-113801-681 O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
backup-20061118-113802-678 O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
backup-20061118-113802-917 O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Handspring\Hotsync.exe
backup-20061118-113803-949 O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
backup-20061123-110707-561 O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
backup-20070115-142941-951 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070115-142942-485 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20070118-221352-171 O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
backup-20070118-221354-818 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070118-221355-387 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070125-193052-100 O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
backup-20070125-193053-620 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070125-193055-432 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070301-201948-867 O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
backup-20070301-201949-183 O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\system32\vidmon\vidmon.exe
backup-20070301-201949-586 O4 - HKLM\..\Run: [TopSearch] C:\Program Files\TopSearch\TopSearch.exe
backup-20070301-201950-592 O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
backup-20070301-201950-803 O4 - HKLM\..\Run: [System service75] C:\WINDOWS\\\etb\\pokapoka75.exe
backup-20070301-201950-959 O4 - HKLM\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
backup-20070301-201951-713 O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\system32\nfomon\nfomon.exe
backup-20070301-201951-722 O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe
backup-20070301-201951-998 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
backup-20070301-201953-987 O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
backup-20070404-194538-354 O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
backup-20070404-194542-268 O23 - Service: ieupdater22 (Microsoft IEUpdater22) - Unknown owner - C:\Documents and Settings\Aileen Kang\ie_updater.exe
backup-20070417-134435-478 O4 - Global Startup: Free WebSite Tools.lnk = ?
backup-20070429-131706-491 R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
backup-20070429-131707-610 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,
backup-20070429-131707-702 O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
backup-20070429-131708-113 O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
backup-20070429-131708-675 O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
backup-20070429-131708-745 O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
backup-20070429-131709-413 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070429-131709-653 O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
backup-20070429-131710-720 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070429-131711-914 O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
backup-20070501-132827-505 O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
backup-20070501-132829-874 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
backup-20070501-132830-980 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
backup-20070503-104454-624 O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - C:\Program Files\Outerinfo\Outerinfo.dll (file missing)
backup-20070606-154843-403 O2 - BHO: (no name) - {620EDE48-A49C-4D78-9404-4C182274E86E} - C:\WINDOWS\system32\ssqpo.dll (file missing)
backup-20070606-154843-564 O23 - Service: Distributed Link Compatibility (DBLCsvc) - Unknown owner - C:\WINDOWS\system32\mui\svchost.exe (file missing)
backup-20070622-131351-639 O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
backup-20070622-131353-433 O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
backup-20070622-131353-765 O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
backup-20070622-131354-446 O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
backup-20070622-131355-841 O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
backup-20070622-131356-624 O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
backup-20070622-131357-147 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070622-131358-332 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070622-131359-711 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20070622-161655-693 O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.7.4\webbuying.exe
backup-20070627-140644-256 O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
backup-20070718-155938-354 O2 - BHO: sosHlpr Class - {00C104F7-0F5C-470C-ABCF-A5B2E70752F1} - C:\WINDOWS\system32\wcczixp.dll
backup-20070718-155940-360 O2 - BHO: IEAux Class - {7605CC7C-00FD-4A5F-BAFD-828342DE6279} - C:\PROGRA~1\OCINS\ieaux.dll
backup-20070718-155941-136 O4 - HKLM\..\Run: [Sysmppcv] "C:\WINDOWS\system32\Rundll32.exe" "C:\WINDOWS\system32\SysTdSvr.dll",Start
backup-20070718-155941-341 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20070718-155941-807 O4 - HKLM\..\Run: [hqghumeay] "C:\WINDOWS\system32\Rundll32.exe" "C:\WINDOWS\system32\cdnprh.dll",Start
backup-20070718-155941-860 O4 - HKLM\..\Run: [TpdSysSvr] C:\WINDOWS\system32\\Rundll32.exe "C:\WINDOWS\system32\\ydiamw12.dll",DllCanUnloadNow
backup-20070720-113040-788 O2 - BHO: (no name) - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - (no file)
backup-20070720-113041-188 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
backup-20070720-113043-159 O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
backup-20070720-162437-891 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
backup-20070722-144055-513 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070722-144057-404 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070803-141907-942 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070803-141909-951 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070817-151528-687 O20 - Winlogon Notify: awttq - C:\WINDOWS\system32\awttq.dll (file missing)
backup-20070817-151528-989 O2 - BHO: DosSpecFolder Object - {3496D13A-609A-407B-B181-8F47B4F28AE9} - C:\WINDOWS\system32\awttq.dll (file missing)
backup-20070824-145917-780 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
backup-20070904-160635-552 O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
backup-20070904-160635-712 O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
backup-20070904-160635-789 O2 - BHO: (no name) - {B0CC5D65-BF2C-407A-A1F2-EB5A6149E5BE} - C:\WINDOWS\system32\geeba.dll (file missing)
backup-20070906-140054-698 O2 - BHO: (no name) - {5ffa22fe-6c3a-4e66-93e7-00320a8c8069} - C:\WINDOWS\system32\comtil.dll (file missing)
backup-20070906-140055-630 O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
backup-20070913-141755-544 O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
backup-20070913-141756-654 O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
backup-20070913-151016-405 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
backup-20071001-154425-369 O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
backup-20071001-154426-209 O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
backup-20071001-154426-840 O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
backup-20071001-154427-245 O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
backup-20071001-154427-552 O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
backup-20071001-154427-632 O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
backup-20071001-154427-698 O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
backup-20071001-154429-586 O2 - BHO: (no name) - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - C:\WINDOWS\system32\l4acdb2.dll
backup-20071001-154429-953 O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
backup-20071001-154430-220 O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
backup-20071001-154430-581 O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
backup-20071001-154430-911 O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
backup-20071001-154431-101 O2 - BHO: (no name) - {AE178089-96AE-4D74-92A2-4BF673F84DA6} - C:\WINDOWS\system32\vtsqr.dll (file missing)
backup-20071001-154431-351 O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
backup-20071001-154431-439 O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
backup-20071001-154431-949 O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
backup-20071001-154432-480 O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
backup-20071001-154432-535 O2 - BHO: 0 - {B5121D06-0168-402B-54B5-05D17BF3EEC0} - C:\Program Files\Online Services\quha.dll (file missing)
backup-20071001-154432-794 O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
backup-20071001-154433-134 O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
backup-20071001-154433-220 O2 - BHO: (no name) - {C3352FCD-CFE5-4F35-831A-19C68DDB7CF4} - C:\WINDOWS\system32\tuvuroo.dll (file missing)
backup-20071001-154433-391 O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
backup-20071001-154433-456 O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
backup-20071001-154433-470 O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
backup-20071001-154434-158 O2 - BHO: oembios32.msdn_hlp - {D79E1D43-C805-40EF-8ACB-DFFB17E9A4AF} - C:\WINDOWS\system32\oembios32.dll
backup-20071001-154434-544 O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
backup-20071001-154434-760 O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
backup-20071001-154434-963 O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
backup-20071001-154435-266 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
backup-20071001-154435-513 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
backup-20071001-154435-543 O4 - HKCU\..\Run: [ISMModule4] "C:\Program Files\ISM\ISMModule4.exe"
backup-20071001-154435-550 O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
backup-20071001-154435-886 O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\jwqsfaht.dll",sitypnow
backup-20071001-154435-914 O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
backup-20071001-154436-371 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20071001-154437-394 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
backup-20071001-154437-459 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
backup-20071001-154437-532 O20 - Winlogon Notify: tuvuroo - tuvuroo.dll (file missing)
backup-20071001-154437-905 O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
backup-20071001-154438-532 O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
backup-20080226-151843-248 O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
backup-20080411-140426-872 O1 - Hosts: ::1 localhost

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - "regedit.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 PBADRV - c:\windows\system32\drivers\pbadrv.sys <Not Verified; Dell Inc; PBA Driver>
R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>

S3 DSproct - c:\program files\dell support\gtaction\triggers\dsproct.sys <Not Verified; GTek Technologies Ltd.; processt>
S3 GTKCMOS - c:\windows\system32\gtkcmos.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 DataSvr2 - "c:\program files\wave systems corp\common\dataserver.exe" <Not Verified; Wave Systems Corp.; Authentication Manager>
R2 NICCONFIGSVC - c:\program files\dell\quickset\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 Pharos Systems ComTaskMaster - "c:\progra~1\pharos~1\core\ctskmstr.exe" <Not Verified; Pharos Systems International; PHAROS>
R2 tcsd_win32.exe (NTRU Hybrid TSS v2.0.25 TCS) - "c:\program files\ntru cryptosystems\ntru hybrid tss v2.0.25\bin\tcsd_win32.exe"


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2008-05-07 19:08:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-09 and 2008-05-09 -----------------------------

2008-05-08 20:39:07 0 d-------- C:\VundoFix Backups
2008-05-08 20:38:39 0 d-------- C:\!KillBox
2008-05-08 13:32:00 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\SiteAdvisor
2008-05-08 13:32:00 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-05-08 13:32:00 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-07 16:28:53 0 d--h----- C:\Program Files\Zero G Registry
2008-05-07 16:28:53 0 d-------- C:\Program Files\NetLogo 4.0.2
2008-05-07 16:28:41 0 d--h----- C:\Documents and Settings\Karl Zipple\InstallAnywhere
2008-05-07 14:28:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Ableton
2008-05-07 14:28:31 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\Ableton
2008-05-04 19:45:59 0 d-------- C:\Program Files\iPod
2008-05-04 19:45:48 0 d-------- C:\Program Files\iTunes
2008-05-04 19:45:31 0 d-------- C:\Program Files\Bonjour
2008-05-01 14:05:02 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-05-01 13:56:28 0 d-------- C:\Program Files\Utherverse Digital Inc
2008-04-30 15:00:09 0 d-------- C:\WINDOWS\pss
2008-04-30 14:58:35 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\Spybot - Search & Destroy
2008-04-27 16:47:12 0 d-------- C:\Program Files\Cloudbrain
2008-04-24 19:26:25 76644 --a------ C:\WINDOWS\War3Unin.dat
2008-04-24 19:26:24 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-04-24 19:26:24 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-04-23 20:59:15 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\Argali
2008-04-19 12:36:16 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-04-19 10:43:01 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\DAEMON Tools
2008-04-19 10:41:04 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-15 19:04:25 0 d-------- C:\Documents and Setting


-- Find3M Report ---------------------------------------------------------------

2008-05-09 10:17:07 0 d-------- C:\Program Files\Warcraft III
2008-05-09 10:15:29 0 d-------- C:\Program Files\Symantec AntiVirus
2008-05-08 23:06:02 0 d-------- C:\Program Files\Common Files\Real
2008-05-08 23:05:23 0 d-------- C:\Program Files\Common Files
2008-05-08 23:03:58 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\Real
2008-05-08 09:41:26 103 --a------ C:\WINDOWS\popcinfo.dat
2008-05-04 19:13:58 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\Skype
2008-05-04 19:08:29 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\skypePM
2008-04-30 15:22:16 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\dvdcss
2008-04-30 09:32:48 0 d-------- C:\Program Files\PopCap Games
2008-04-30 09:32:33 0 d-------- C:\Program Files\WildGames
2008-04-25 16:46:05 1669 --a------ C:\WINDOWS\mozver.dat
2008-04-22 15:34:19 0 d-------- C:\Program Files\Diablo II
2008-04-22 15:34:02 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-04-21 09:20:30 0 d-------- C:\Program Files\BitComet
2008-04-20 10:26:27 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-14 20:12:30 0 d-------- C:\Program Files\Magic Workstation
2008-04-10 16:23:33 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\Apple Computer
2008-04-10 11:05:31 0 d-------- C:\Program Files\QuickTime
2008-04-04 22:07:08 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\Wizards of the Coast
2008-04-04 18:40:16 368640 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-03-31 17:23:24 0 d-------- C:\Program Files\Trend Micro
2008-03-29 10:05:51 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\EssentialPIM
2008-03-29 10:04:27 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\EssentialPIM Pro
2008-03-18 19:23:20 154 --a------ C:\WINDOWS\popcinfot.dat
2008-03-11 15:23:05 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\EndNote
2008-03-11 15:17:45 0 d-------- C:\Program Files\EndNote X
2008-03-11 15:15:19 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-11 15:14:40 0 d-------- C:\Program Files\EndNoteX
2008-02-20 15:22:07 11264 --a------ C:\WINDOWS\system32\PSS53BF5.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-20 15:22:07 11264 --a------ C:\WINDOWS\system32\PSS53BF4.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-20 15:22:07 11264 --a------ C:\WINDOWS\system32\PSS53BF3.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-20 15:22:07 11264 --a------ C:\WINDOWS\system32\PSS53BF2.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-20 15:22:07 11264 --a------ C:\WINDOWS\system32\PSS53BF1.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-20 15:22:07 11264 --a------ C:\WINDOWS\system32\PSS53BF0.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-20 15:22:07 11264 --a------ C:\WINDOWS\system32\PSS53BEF.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-20 15:22:07 11264 --a------ C:\WINDOWS\system32\PSS53BEE.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-20 15:22:07 11264 --a------ C:\WINDOWS\system32\PSS53BED.DLL <Not Verified; Pharos Systems International; PHAROS>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [04/27/2007 04:17 PM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46f47b13-5ce3-11dc-86bb-0019b96952d2}]
AutoRun\command- E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f48ebedc-56f1-11dc-86b7-0019b96952d2}]
AutoRun\command- Installer.exe




-- End of Deckard's System Scanner: finished at 2008-05-09 10:42:48 ------------

extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU T7200 @ 2.00GHz
CPU 1: Intel® Core™2 CPU T7200 @ 2.00GHz
Percentage of Memory in Use: 48%
Physical Memory (total/avail): 1014.05 MiB / 521.29 MiB
Pagefile Memory (total/avail): 2439.86 MiB / 2076.58 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1933.31 MiB

C: is Fixed (NTFS) - 93.1 GiB total, 58.59 GiB free.
D: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - Hitachi HTS721010G9SA00 - 93.16 GiB - 2 partitions
\PARTITION0 - Unknown - 62.72 MiB
\PARTITION1 (bootable) - Installable File System - 93.1 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Symantec AntiVirus Corporate Edition v10.1.5.5000 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe"="C:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe:*:Enabled:Pharos Com Task Master "
"C:\\Documents and Settings\\Karl Zipple\\Local Settings\\Temp\\InStream20070913\\InStream.app\\InStream.exe"="C:\\Documents and Settings\\Karl Zipple\\Local Settings\\Temp\\InStream20070913\\InStream.app\\InStream.exe:*:Enabled:InStream.app/InStream"
"C:\\Documents and Settings\\Karl Zipple\\Local Settings\\Temp\\InStream20080121\\InStream.app\\InStream.exe"="C:\\Documents and Settings\\Karl Zipple\\Local Settings\\Temp\\InStream20080121\\InStream.app\\InStream.exe:*:Enabled:InStream.app/InStream"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\\ApprenticeTesting\\TestDeck\\Appr.exe"="E:\\ApprenticeTesting\\TestDeck\\Appr.exe:*:Enabled:Appr"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Yahoo! Games\\Zuma Deluxe\\Zuma.exe"="C:\\Program Files\\Yahoo! Games\\Zuma Deluxe\\Zuma.exe:*:Enabled:Zuma"
"E:\\D\\BitComet\\Downloads\\zuma+luxor+atlantis+crack\\Zuma_Deluxe+Working_Crack\\Zuma Deluxe\\Zuma.exe"="E:\\D\\BitComet\\Downloads\\zuma+luxor+atlantis+crack\\Zuma_Deluxe+Working_Crack\\Zuma Deluxe\\Zuma.exe:*:Enabled:Zuma"
"E:\\ApprenticeTesting\\Gauntlet\\Appr.exe"="E:\\ApprenticeTesting\\Gauntlet\\Appr.exe:*:Enabled:Appr"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Maple 8\\bin.win\\mserver.exe"="C:\\Program Files\\Maple 8\\bin.win\\mserver.exe:*:Enabled:mserver"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Documents and Settings\\Karl Zipple\\Desktop\\magicg\\Magic\\Manalink.exe"="C:\\Documents and Settings\\Karl Zipple\\Desktop\\magicg\\Magic\\Manalink.exe:*:Enabled:manalink"
"C:\\Documents and Settings\\Karl Zipple\\Desktop\\AoE\\age2_x1.exe"="C:\\Documents and Settings\\Karl Zipple\\Desktop\\AoE\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Java\\jdk1.6.0_02\\jre\\bin\\java.exe"="C:\\Program Files\\Java\\jdk1.6.0_02\\jre\\bin\\java.exe:*:Enabled:Java™ Platform SE binary"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Magic Workstation\\MWSPlay.exe"="C:\\Program Files\\Magic Workstation\\MWSPlay.exe:*:Enabled:Magic Workstation Play Module"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Apprentice\\Appr.exe"="C:\\Program Files\\Apprentice\\Appr.exe:*:Enabled:Appr"
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"="C:\\Program Files\\QuickTime\\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\\Documents and Settings\\Karl Zipple\\Desktop\\AoE\\empires2.exe"="C:\\Documents and Settings\\Karl Zipple\\Desktop\\AoE\\empires2.exe:*:Enabled:Age of Empires II"
"C:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe"="C:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe:*:Enabled:Pharos Com Task Master "
"C:\\Program Files\\PopCap Games\\Zuma Deluxe\\Zuma.exe"="C:\\Program Files\\PopCap Games\\Zuma Deluxe\\Zuma.exe:*:Enabled:Zuma"
"C:\\Documents and Settings\\Karl Zipple\\Desktop\\MWS Testing\\Test\\MWSPlay.exe"="C:\\Documents and Settings\\Karl Zipple\\Desktop\\MWS Testing\\Test\\MWSPlay.exe:*:Enabled:Magic Workstation Play Module"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Karl Zipple\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KARL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Karl Zipple
INCLUDE=C:\Program Files\Microsoft Visual Studio .NET\FrameworkSDK\include\
LIB=C:\Program Files\Microsoft Visual Studio .NET\FrameworkSDK\Lib\
LOGONSERVER=\\KARL
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\MiKTeX 2.6\miktex\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Wave Systems Corp\Dell Preboot Manager\Access Client\v5\;C:\Program Files\PharosSystems\OutputManagement;C:\Program Files\PharosSystems\Core;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\KARLZI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\KARLZI~1\LOCALS~1\Temp
USERDOMAIN=KARL
USERNAME=Karl Zipple
USERPROFILE=C:\Documents and Settings\Karl Zipple
VSCOMNTOOLS="C:\Program Files\Microsoft Visual Studio .NET\Common7\Tools\"
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Karl Zipple (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Alchemy 1.2 --> C:\Program Files\PopCap Games\Alchemy\UnGins.exe "C:\Program Files\PopCap Games\Alchemy\install.log"
ALPS Touch Pad Driver --> C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
Amazing Adventures The Lost Tomb 1.0.0.2 --> C:\Program Files\PopCap Games\Amazing Adventures\PopUninstall.exe "C:\Program Files\PopCap Games\Amazing Adventures\Install.log"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
biolsp patch --> MsiExec.exe /I{E6095BEA-8C97-4342-B771-13BB72AC1D88}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Bookworm Adventures Deluxe 1.0 --> C:\Program Files\PopCap Games\Bookworm Adventures Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bookworm Adventures Deluxe\Install.log"
Broadcom Advanced Control Suite --> MsiExec.exe /X{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
Broadcom TPM Driver Installer --> MsiExec.exe /X{35748B06-FCFC-4700-8285-DAD41689E4FE}
CamStudio --> C:\Program Files\CamStudio\uninstall.exe
Camtasia Studio 5 --> MsiExec.exe /I{7EADB65C-70E8-4C94-AD0A-221462D41A85}
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Dell Embassy Trust Suite by Wave Systems --> C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Installer.exe
Dell Support 3.2.1 --> MsiExec.exe /X{CEE2252C-4035-4B27-8EC6-0B085DD3A413}
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Document Manager Lite --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2} /l1033
EMBASSY Security Center --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EEAFE1E5-076B-430A-96D9-B567792AFA88}
EMBASSY Trust Suite by Wave Systems --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1802FA6-54E9-4B24-BD2A-B50866819795}\setup.exe" -l0x9
EndNote X Volume License Edition --> MsiExec.exe /I{FE4BD9BD-4A26-4F39-B12C-19336204B102}
ETS Launch Pad --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{DD41AC25-61B2-4FC9-90AA-672F32139AC3} /l1033
ETS Upgrade --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{72FECEA1-E87F-4192-89FA-D0FBF92885BB}
Feeding Frenzy 2 --> C:\PROGRA~1\GAMEHO~1\FEEDIN~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\FEEDIN~1\INSTALL.LOG
FixTunes (remove only) --> "C:\Program Files\Cloudbrain\FixTunes\uninstall.exe"
FUJIFILM FinePixViewer S Ver.2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B32652-CAE0-4909-A463-5840D2689D93}\SETUP.EXE" -l0x9
Game Console - WildGames --> "C:\Program Files\WildGames\Game Console - WildGames\Uninstall.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Hero Editor V0.96 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Hero Editor\ST6UNST.LOG"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 1.99.1 --> C:\Documents and Settings\Karl Zipple\Desktop\Laptop ER\Hijackthis\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Internet Service --> "C:\Program Files\NetProject\waun.exe"
iPodCopy --> MsiExec.exe /I{E4B5BD1B-F41E-44A8-887B-590E0A708B09}
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ SE Development Kit 6 Update 2 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160020}
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech QuickCam --> MsiExec.exe /X{364EC092-93CF-4DDC-9D7A-7278452028E0}
Logitech® Camera Driver --> "C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Magic ISO Maker v5.4 (build 0239) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Magic Online --> C:\Program Files\Wizards of the Coast\Magic Online\magic.exe -u
Magic Online III --> C:\Program Files\InstallShield Installation Information\{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}\setup.exe -runfromtemp -l0x0009 -removeonly
Magic Workstation 0.94f --> "C:\Documents and Settings\Karl Zipple\Desktop\MWS Testing\Test\unins000.exe"
Maple 8 --> "C:\Program Files\Maple 8\Uninstall\Uninstall Maple 8.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual Studio .NET Academic - English --> "C:\Program Files\Microsoft Visual Studio .NET\Setup\Visual Studio .NET Academic - English\setup.exe" /MaintMode
MiKTeX 2.6 --> "C:\Program Files\MiKTeX 2.6\miktex\bin\copystart_admin.exe" "C:\Program Files\MiKTeX 2.6\miktex\config\uninstall.dat"
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MTG GamePack for Magic Workstation --> "C:\Documents and Settings\Karl Zipple\Desktop\MWS Testing\Test\unins001.exe"
Mummy Maze Deluxe 1.1 --> C:\Program Files\PopCap Games\Mummy Maze Deluxe\UnGins.exe "C:\Program Files\PopCap Games\Mummy Maze Deluxe\install.log"
MVision --> MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
myTunes Redux 1.0 --> "C:\Program Files\myTunes Redux\unins000.exe"
NetBeans IDE 5.5.1 --> C:\Program Files\netbeans-5.5.1\_uninst\uninstaller.exe
NetLogo 4.0.2 --> "C:\Program Files\NetLogo 4.0.2\UninstallerData\Uninstall NetLogo.exe"
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
NTRU Hybrid TSS v2.0.25 --> MsiExec.exe /I{0BA2A0BA-7F4D-4B7B-AE94-5F0233AC8A5A}
Peggle (remove only) --> C:\Program Files\Peggle\Uninstall.exe
Pharos --> C:\PROGRA~1\Pharos\bin\Local.EXE
PopCap Browser Plugin --> C:\Program Files\PopCap Games\PopCap Browser Plugin\Uninstall.exe
PowerDVD 5.7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Preboot Manager --> MsiExec.exe /I{EE2EE62C-E27D-486A-AF6D-FA4A06E67476}
Private Information Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{0B0A2153-58A6-4244-B458-25EDF5FCD809} /l1033
Python 2.5.2 --> MsiExec.exe /I{6B976ADF-8AE8-434E-B282-A06C7F624D2F}
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Rocket Mania Deluxe 1.01 --> C:\Program Files\PopCap Games\Rocket Mania Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Rocket Mania Deluxe\Install.log"
SearchAssist --> C:\DELL\SearchAssist\UninstSA.bat
Secure Browsing --> "C:\Program Files\NetProject\sbun.exe"
Secure Update --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D1E829E9-88B8-47C6-A75E-0D40E2C09D50} /l1033
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Wizards --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4} /l1033
Serious Sam: The First Encounter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{815050E5-F545-11D4-9569-004095812ACC}\Setup.exe"
Seven Seas Deluxe 1.13 --> C:\Program Files\PopCap Games\Seven Seas Deluxe\PopUninstall.exe C:\Program Files\PopCap Games\Seven Seas Deluxe\Install.log
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Super Collapse! 3 --> C:\PROGRA~1\GAMEHO~1\SUPERC~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\SUPERC~1\INSTALL.LOG
Symantec AntiVirus --> MsiExec.exe /I{33CFCF98-F8D6-4549-B469-6F4295676D83}
TeXnicCenter Version 1 Beta 7.01 (Greengrass) --> "C:\Program Files\TeXnicCenter\unins000.exe"
upekmsi --> MsiExec.exe /I{BE40EC9E-9466-4288-916D-C1D6C13F4A40}
URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
Venice Deluxe 1.0 --> C:\Program Files\PopCap Games\Venice Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Venice Deluxe\Install.log"
VideoLAN VLC media player 0.8.6b --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VPN Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\Setup.exe" -l0x9 VpnUninstall
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
Wave Infrastructure Installer --> MsiExec.exe /I{CDD4761A-3D3F-4487-9AAF-7855A36E0D31}
Wave Support Software --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{07D618CD-B016-438A-ADC9-A75BD23F85CE} /l1033
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
Zuma Deluxe 1.0 --> C:\Program Files\PopCap Games\Zuma Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Zuma Deluxe\Install.log"


-- Application Event Log -------------------------------------------------------

Event Record #/Type3625 / Warning
Event Submitted/Written: 05/09/2008 10:14:06 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{364EC092-93CF-4DDC-9D7A-7278452028E0}', feature 'QuickCam' failed during request for component '{62BA7C13-20BB-41F7-A6A4-482632CE53D4}'

Event Record #/Type3624 / Warning
Event Submitted/Written: 05/09/2008 10:14:06 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{364EC092-93CF-4DDC-9D7A-7278452028E0}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\QuickCam10\DesktopShortcutKey' does not exist.

Event Record #/Type3623 / Warning
Event Submitted/Written: 05/09/2008 10:14:06 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{364EC092-93CF-4DDC-9D7A-7278452028E0}', feature 'QuickCam' failed during request for component '{62BA7C13-20BB-41F7-A6A4-482632CE53D4}'

Event Record #/Type3622 / Warning
Event Submitted/Written: 05/09/2008 10:14:06 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{364EC092-93CF-4DDC-9D7A-7278452028E0}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\QuickCam10\DesktopShortcutKey' does not exist.

Event Record #/Type3615 / Warning
Event Submitted/Written: 05/09/2008 10:13:12 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{364EC092-93CF-4DDC-9D7A-7278452028E0}', feature 'QuickCam' failed during request for component '{62BA7C13-20BB-41F7-A6A4-482632CE53D4}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type37610 / Warning
Event Submitted/Written: 05/09/2008 10:16:07 AM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 00197E44ABAD. The IP address being used is 169.254.205.212.

Event Record #/Type37523 / Warning
Event Submitted/Written: 05/08/2008 10:52:24 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 00197E44ABAD. The IP address being used is 169.254.205.212.

Event Record #/Type37439 / Warning
Event Submitted/Written: 05/08/2008 08:12:42 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 00197E44ABAD. The IP address being used is 169.254.205.212.

Event Record #/Type37389 / Warning
Event Submitted/Written: 05/08/2008 07:30:41 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 00197E44ABAD. The IP address being used is 169.254.205.212.

Event Record #/Type37370 / Warning
Event Submitted/Written: 05/08/2008 07:24:09 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 00197E44ABAD. The IP address being used is 169.254.205.212.



-- End of Deckard's System Scanner: finished at 2008-05-09 10:42:48 ------------

Thanks!


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:01 AM

Posted 09 May 2008 - 05:31 PM

Hello KarlZ2,

Welcome to Bleeping Computer :thumbsup:

Good heavens! :thumbsup: How long have you been dealing with this? Has this computer been put up somewhere for a long time? Those logs show infections we haven't seen in not months, but years now. :)

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire report in your next reply along with a fresh HijackThis log.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 KarlZ2

KarlZ2
  • Topic Starter

  • Members
  • 4 posts
  • Local time:04:01 AM

Posted 09 May 2008 - 07:03 PM

I did those things. They don't seem to have entirely worked...things still run really slowly. I only started having this problem yesterday, so the infections must be new. Sounds weird though. Thanks again for your help.
New logs:

Deckard's System Scanner v20071014.68
Run by Karl Zipple on 2008-05-09 18:43:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 77% (more than 75%).


-- HijackThis (run as Karl Zipple.exe) -----------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-09 18:43:39
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\scardsvr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Program Files\PharosSystems\Core\CTskMstr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Office\Office10\MSTORDB.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Karl Zipple\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=3070430
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\Program Files\PharosSystems\Core\CTskMstr.exe
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\system32\WLTRYSVC.EXE


--
End of file - 6491 bytes

-- Files created between 2008-04-09 and 2008-05-09 -----------------------------

2008-05-09 18:16:37 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\Malwarebytes
2008-05-09 18:16:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-09 18:16:05 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-08 20:39:07 0 d-------- C:\VundoFix Backups
2008-05-08 20:38:39 0 d-------- C:\!KillBox
2008-05-08 13:32:00 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\SiteAdvisor
2008-05-08 13:32:00 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-05-08 13:32:00 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-07 16:28:53 0 d--h----- C:\Program Files\Zero G Registry
2008-05-07 16:28:53 0 d-------- C:\Program Files\NetLogo 4.0.2
2008-05-07 16:28:41 0 d--h----- C:\Documents and Settings\Karl Zipple\InstallAnywhere
2008-05-07 14:28:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Ableton
2008-05-07 14:28:31 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\Ableton
2008-05-04 19:45:59 0 d-------- C:\Program Files\iPod
2008-05-04 19:45:48 0 d-------- C:\Program Files\iTunes
2008-05-04 19:45:31 0 d-------- C:\Program Files\Bonjour
2008-05-01 14:05:02 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-05-01 13:56:28 0 d-------- C:\Program Files\Utherverse Digital Inc
2008-04-30 15:00:09 0 d-------- C:\WINDOWS\pss
2008-04-30 14:58:35 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\Spybot - Search & Destroy
2008-04-27 16:47:12 0 d-------- C:\Program Files\Cloudbrain
2008-04-24 19:26:25 76644 --a------ C:\WINDOWS\War3Unin.dat
2008-04-24 19:26:24 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-04-24 19:26:24 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-04-23 20:59:15 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\Argali
2008-04-19 12:36:16 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-04-19 10:43:01 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\DAEMON Tools
2008-04-19 10:41:04 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-15 19:04:25 0 d-------- C:\Documents and Setting


-- Find3M Report ---------------------------------------------------------------

2008-05-09 18:26:51 103 --a------ C:\WINDOWS\popcinfo.dat
2008-05-09 10:17:07 0 d-------- C:\Program Files\Warcraft III
2008-05-09 10:15:29 0 d-------- C:\Program Files\Symantec AntiVirus
2008-05-08 23:06:02 0 d-------- C:\Program Files\Common Files\Real
2008-05-08 23:05:23 0 d-------- C:\Program Files\Common Files
2008-05-08 23:03:58 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\Real
2008-05-04 19:13:58 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\Skype
2008-05-04 19:08:29 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\skypePM
2008-04-30 15:22:16 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\dvdcss
2008-04-30 09:32:48 0 d-------- C:\Program Files\PopCap Games
2008-04-30 09:32:33 0 d-------- C:\Program Files\WildGames
2008-04-25 16:46:05 1669 --a------ C:\WINDOWS\mozver.dat
2008-04-22 15:34:19 0 d-------- C:\Program Files\Diablo II
2008-04-22 15:34:02 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-04-21 09:20:30 0 d-------- C:\Program Files\BitComet
2008-04-20 10:26:27 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-14 20:12:30 0 d-------- C:\Program Files\Magic Workstation
2008-04-10 16:23:33 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\Apple Computer
2008-04-10 11:05:31 0 d-------- C:\Program Files\QuickTime
2008-04-04 22:07:08 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\Wizards of the Coast
2008-04-04 18:40:16 368640 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-03-31 17:23:24 0 d-------- C:\Program Files\Trend Micro
2008-03-29 10:05:51 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\EssentialPIM
2008-03-29 10:04:27 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\EssentialPIM Pro
2008-03-18 19:23:20 154 --a------ C:\WINDOWS\popcinfot.dat
2008-03-11 15:23:05 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\EndNote
2008-03-11 15:17:45 0 d-------- C:\Program Files\EndNote X
2008-03-11 15:15:19 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-11 15:14:40 0 d-------- C:\Program Files\EndNoteX
2008-02-20 15:22:07 11264 --a------ C:\WINDOWS\system32\PSS53BF5.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-20 15:22:07 11264 --a------ C:\WINDOWS\system32\PSS53BF4.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-20 15:22:07 11264 --a------ C:\WINDOWS\system32\PSS53BF3.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-20 15:22:07 11264 --a------ C:\WINDOWS\system32\PSS53BF2.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-20 15:22:07 11264 --a------ C:\WINDOWS\system32\PSS53BF1.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-20 15:22:07 11264 --a------ C:\WINDOWS\system32\PSS53BF0.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-20 15:22:07 11264 --a------ C:\WINDOWS\system32\PSS53BEF.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-20 15:22:07 11264 --a------ C:\WINDOWS\system32\PSS53BEE.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-20 15:22:07 11264 --a------ C:\WINDOWS\system32\PSS53BED.DLL <Not Verified; Pharos Systems International; PHAROS>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [04/27/2007 04:17 PM C:\Program Files\AIM6\aim6.exe]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 wvauth

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46f47b13-5ce3-11dc-86bb-0019b96952d2}]
AutoRun\command- E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f48ebedc-56f1-11dc-86b7-0019b96952d2}]
AutoRun\command- Installer.exe




-- End of Deckard's System Scanner: finished at 2008-05-09 18:48:28 ------------

Malwarebytes' Anti-Malware 1.12
Database version: 737

Scan type: Quick Scan
Objects scanned: 35461
Time elapsed: 23 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoPl.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\375013 (Trojan.Zlob) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\375013\375013.dll (Trojan.Zlob) -> Quarantined and deleted successfully.

#4 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 09 May 2008 - 07:19 PM

Hello,

No, I didn't expect to get it all in one shot. :thumbsup:

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#5 KarlZ2
  • Topic Starter

  • Members
  • 4 posts

Posted 10 May 2008 - 08:56 AM

Here you go. Is it weird that the first time I ran ComboFix it stalled at the first stage and I had to reboot and run it again?

Deckard's System Scanner v20071014.68
Run by Karl Zipple on 2008-05-10 08:53:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Karl Zipple.exe) -----------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-10 08:53:31
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Program Files\PharosSystems\Core\CTskMstr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Karl Zipple\Desktop\dss.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=3070430
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [AOLRebootNeeded] regsvr32.exe /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\Program Files\PharosSystems\Core\CTskMstr.exe
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\system32\WLTRYSVC.EXE


--
End of file - 6333 bytes

-- Files created between 2008-04-10 and 2008-05-10 -----------------------------

2008-05-09 21:00:35 68096 --a------ C:\WINDOWS\zip.exe
2008-05-09 21:00:35 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-09 21:00:35 98816 --a------ C:\WINDOWS\sed.exe
2008-05-09 21:00:35 80412 --a------ C:\WINDOWS\grep.exe
2008-05-09 21:00:35 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-09 21:00:34 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-09 21:00:33 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-09 21:00:32 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-09 18:16:37 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\Malwarebytes
2008-05-09 18:16:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-09 18:16:05 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-08 20:39:07 0 d-------- C:\VundoFix Backups
2008-05-08 20:38:39 0 d-------- C:\!KillBox
2008-05-08 13:32:00 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\SiteAdvisor
2008-05-08 13:32:00 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-05-08 13:32:00 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-07 16:28:53 0 d--h----- C:\Program Files\Zero G Registry
2008-05-07 16:28:53 0 d-------- C:\Program Files\NetLogo 4.0.2
2008-05-07 16:28:41 0 d--h----- C:\Documents and Settings\Karl Zipple\InstallAnywhere
2008-05-07 14:28:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Ableton
2008-05-07 14:28:31 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\Ableton
2008-05-04 19:45:59 0 d-------- C:\Program Files\iPod
2008-05-04 19:45:48 0 d-------- C:\Program Files\iTunes
2008-05-04 19:45:31 0 d-------- C:\Program Files\Bonjour
2008-05-01 14:05:02 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-05-01 13:56:28 0 d-------- C:\Program Files\Utherverse Digital Inc
2008-04-30 15:00:09 0 d-------- C:\WINDOWS\pss
2008-04-30 14:58:35 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\Spybot - Search & Destroy
2008-04-27 16:47:12 0 d-------- C:\Program Files\Cloudbrain
2008-04-24 19:26:25 76644 --a------ C:\WINDOWS\War3Unin.dat
2008-04-24 19:26:24 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-04-24 19:26:24 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-04-23 20:59:15 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\Argali
2008-04-19 12:36:16 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-04-19 10:43:01 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\DAEMON Tools
2008-04-19 10:41:04 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-15 19:04:25 0 d-------- C:\Documents and Setting


-- Find3M Report ---------------------------------------------------------------

2008-05-10 08:47:01 0 d-------- C:\Program Files\Common Files\AOL
2008-05-10 08:43:30 0 d-------- C:\Program Files\Symantec AntiVirus
2008-05-09 20:49:18 103 --a------ C:\WINDOWS\popcinfo.dat
2008-05-09 18:59:27 0 d-------- C:\Program Files\Warcraft III
2008-05-08 23:06:02 0 d-------- C:\Program Files\Common Files\Real
2008-05-08 23:05:23 0 d-------- C:\Program Files\Common Files
2008-05-08 23:03:58 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\Real
2008-05-04 19:13:58 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\Skype
2008-05-04 19:08:29 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\skypePM
2008-04-30 15:22:16 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\dvdcss
2008-04-30 09:32:48 0 d-------- C:\Program Files\PopCap Games
2008-04-30 09:32:33 0 d-------- C:\Program Files\WildGames
2008-04-25 16:46:05 1669 --a------ C:\WINDOWS\mozver.dat
2008-04-22 15:34:19 0 d-------- C:\Program Files\Diablo II
2008-04-22 15:34:02 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-04-21 09:20:30 0 d-------- C:\Program Files\BitComet
2008-04-20 10:26:27 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-14 20:12:30 0 d-------- C:\Program Files\Magic Workstation
2008-04-10 16:23:33 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\Apple Computer
2008-04-10 11:05:31 0 d-------- C:\Program Files\QuickTime
2008-04-04 22:07:08 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\Wizards of the Coast
2008-04-04 18:40:16 368640 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-03-31 17:23:24 0 d-------- C:\Program Files\Trend Micro
2008-03-29 10:05:51 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\EssentialPIM
2008-03-29 10:04:27 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\EssentialPIM Pro
2008-03-18 19:23:20 154 --a------ C:\WINDOWS\popcinfot.dat
2008-03-11 15:23:05 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\EndNote
2008-03-11 15:17:45 0 d-------- C:\Program Files\EndNote X
2008-03-11 15:15:19 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-11 15:14:40 0 d-------- C:\Program Files\EndNoteX
2008-02-20 15:22:07 11264 --a------ C:\WINDOWS\system32\PSS53BF5.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-20 15:22:07 11264 --a------ C:\WINDOWS\system32\PSS53BF4.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-20 15:22:07 11264 --a------ C:\WINDOWS\system32\PSS53BF3.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-20 15:22:07 11264 --a------ C:\WINDOWS\system32\PSS53BF2.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-20 15:22:07 11264 --a------ C:\WINDOWS\system32\PSS53BF1.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-20 15:22:07 11264 --a------ C:\WINDOWS\system32\PSS53BF0.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-20 15:22:07 11264 --a------ C:\WINDOWS\system32\PSS53BEF.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-20 15:22:07 11264 --a------ C:\WINDOWS\system32\PSS53BEE.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-20 15:22:07 11264 --a------ C:\WINDOWS\system32\PSS53BED.DLL <Not Verified; Pharos Systems International; PHAROS>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"AOLRebootNeeded"=regsvr32.exe /s

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46f47b13-5ce3-11dc-86bb-0019b96952d2}]
AutoRun\command- E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f48ebedc-56f1-11dc-86b7-0019b96952d2}]
AutoRun\command- Installer.exe




-- End of Deckard's System Scanner: finished at 2008-05-10 08:54:31 ------------

ComboFix 08-05-08.1 - Karl Zipple 2008-05-10 8:34:35.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.540 [GMT -5:00]
Running from: C:\Documents and Settings\Karl Zipple\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-10 to 2008-05-10 )))))))))))))))))))))))))))))))
.

2008-05-09 18:16 . 2008-05-09 18:41 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-09 18:16 . 2008-05-09 18:16 <DIR> d-------- C:\Documents and Settings\Karl Zipple\Application Data\Malwarebytes
2008-05-09 18:16 . 2008-05-09 18:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-09 18:16 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-09 18:16 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-09 10:07 . 2008-05-09 10:07 <DIR> d-------- C:\Deckard
2008-05-08 20:39 . 2008-05-08 20:39 <DIR> d-------- C:\VundoFix Backups
2008-05-08 20:38 . 2008-05-08 20:38 <DIR> d-------- C:\!KillBox
2008-05-08 13:32 . 2008-05-08 20:36 <DIR> d-------- C:\Documents and Settings\Karl Zipple\Application Data\SiteAdvisor
2008-05-08 13:32 . 2008-05-08 13:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-05-08 13:32 . 2008-05-08 13:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-07 16:28 . 2008-05-07 16:29 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-05-07 16:28 . 2008-05-07 16:32 <DIR> d-------- C:\Program Files\NetLogo 4.0.2
2008-05-07 16:28 . 2008-05-07 16:28 <DIR> d--h----- C:\Documents and Settings\Karl Zipple\InstallAnywhere
2008-05-07 14:28 . 2008-05-07 14:28 <DIR> d-------- C:\Documents and Settings\Karl Zipple\Application Data\Ableton
2008-05-07 14:28 . 2008-05-07 14:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ableton
2008-05-04 19:45 . 2008-05-04 19:46 <DIR> d-------- C:\Program Files\iTunes
2008-05-04 19:45 . 2008-05-04 19:45 <DIR> d-------- C:\Program Files\iPod
2008-05-04 19:45 . 2008-05-04 19:45 <DIR> d-------- C:\Program Files\Bonjour
2008-05-01 14:05 . 2008-05-01 14:05 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-05-01 13:56 . 2008-05-01 13:56 <DIR> d-------- C:\Program Files\Utherverse Digital Inc
2008-04-30 14:58 . 2008-04-30 15:01 <DIR> d-------- C:\Documents and Settings\Karl Zipple\Application Data\Spybot - Search & Destroy
2008-04-27 16:47 . 2008-04-27 16:47 <DIR> d-------- C:\Program Files\Cloudbrain
2008-04-24 19:26 . 2008-04-25 11:34 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-04-24 19:26 . 2008-04-25 11:36 76,644 --a------ C:\WINDOWS\War3Unin.dat
2008-04-24 19:26 . 2008-04-25 11:34 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-04-23 20:59 . 2008-04-23 21:02 <DIR> d-------- C:\Documents and Settings\Karl Zipple\Application Data\Argali
2008-04-19 12:36 . 2008-04-20 19:43 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-19 10:43 . 2008-04-19 10:43 <DIR> d-------- C:\Documents and Settings\Karl Zipple\Application Data\DAEMON Tools
2008-04-19 10:41 . 2008-04-19 12:33 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-15 19:04 . 2008-04-15 19:05 <DIR> d-------- C:\Documents and Setting

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-10 13:39 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-05-09 23:59 --------- d-----w C:\Program Files\Warcraft III
2008-05-09 04:06 --------- d-----w C:\Program Files\Common Files\Real
2008-05-05 00:13 --------- d-----w C:\Documents and Settings\Karl Zipple\Application Data\Skype
2008-05-05 00:08 --------- d-----w C:\Documents and Settings\Karl Zipple\Application Data\skypePM
2008-04-30 20:22 --------- d-----w C:\Documents and Settings\Karl Zipple\Application Data\dvdcss
2008-04-30 14:36 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-30 14:32 --------- d-----w C:\Program Files\WildGames
2008-04-30 14:32 --------- d-----w C:\Program Files\PopCap Games
2008-04-30 14:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2008-04-22 20:34 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-04-22 20:34 --------- d-----w C:\Program Files\Diablo II
2008-04-21 14:20 --------- d-----w C:\Program Files\BitComet
2008-04-15 01:12 --------- d-----w C:\Program Files\Magic Workstation
2008-04-10 21:23 --------- d-----w C:\Documents and Settings\Karl Zipple\Application Data\Apple Computer
2008-04-10 16:05 --------- d-----w C:\Program Files\QuickTime
2008-04-05 03:07 --------- d-----w C:\Documents and Settings\Karl Zipple\Application Data\Wizards of the Coast
2008-04-04 23:40 368,640 ----a-w C:\WINDOWS\system32\rewire.dll
2008-03-31 22:23 --------- d-----w C:\Program Files\Trend Micro
2008-03-29 15:05 --------- d-----w C:\Documents and Settings\Karl Zipple\Application Data\EssentialPIM
2008-03-29 15:04 --------- d-----w C:\Documents and Settings\Karl Zipple\Application Data\EssentialPIM Pro
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-11 20:23 --------- d-----w C:\Documents and Settings\Karl Zipple\Application Data\EndNote
2008-03-11 20:17 --------- d-----w C:\Program Files\EndNote X
2008-03-11 20:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-11 20:14 --------- d-----w C:\Program Files\EndNoteX
2008-03-05 21:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 21:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 21:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 20:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 20:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
2008-03-01 23:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 20:22 11,264 ----a-w C:\WINDOWS\system32\PSS53BF5.DLL
2008-02-20 20:22 11,264 ----a-w C:\WINDOWS\system32\PSS53BF4.DLL
2008-02-20 20:22 11,264 ----a-w C:\WINDOWS\system32\PSS53BF3.DLL
2008-02-20 20:22 11,264 ----a-w C:\WINDOWS\system32\PSS53BF2.DLL
2008-02-20 20:22 11,264 ----a-w C:\WINDOWS\system32\PSS53BF1.DLL
2008-02-20 20:22 11,264 ----a-w C:\WINDOWS\system32\PSS53BF0.DLL
2008-02-20 20:22 11,264 ----a-w C:\WINDOWS\system32\PSS53BEF.DLL
2008-02-20 20:22 11,264 ----a-w C:\WINDOWS\system32\PSS53BEE.DLL
2008-02-20 20:22 11,264 ----a-w C:\WINDOWS\system32\PSS53BED.DLL
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-01-26 03:52 22,880 ----a-w C:\Documents and Settings\Karl Zipple\Application Data\GDIPFONTCACHEV1.DAT
2007-12-10 03:37 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-09-04 16:18 13 ----a-w C:\Documents and Settings\Karl Zipple\bs.dat
2007-06-08 15:00 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007060820070609\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AOLRebootNeeded"="regsvr32.exe" [2004-08-04 05:00 11776 C:\WINDOWS\system32\regsvr32.exe]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Maple 8\\bin.win\\mserver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\Karl Zipple\\Desktop\\magicg\\Magic\\Manalink.exe"=
"C:\\Documents and Settings\\Karl Zipple\\Desktop\\AoE\\age2_x1.exe"=
"C:\\Program Files\\Java\\jdk1.6.0_02\\jre\\bin\\java.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Magic Workstation\\MWSPlay.exe"=
"C:\\Program Files\\Apprentice\\Appr.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Documents and Settings\\Karl Zipple\\Desktop\\AoE\\empires2.exe"=
"C:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe"=
"C:\\Program Files\\PopCap Games\\Zuma Deluxe\\Zuma.exe"=
"C:\\Documents and Settings\\Karl Zipple\\Desktop\\MWS Testing\\Test\\MWSPlay.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11112:TCP"= 11112:TCP:BitComet 11112 TCP
"11112:UDP"= 11112:UDP:BitComet 11112 UDP
"22474:TCP"= 22474:TCP:BitComet 22474 TCP
"22474:UDP"= 22474:UDP:BitComet 22474 UDP
"25991:TCP"= 25991:TCP:BitComet 25991 TCP
"25991:UDP"= 25991:UDP:BitComet 25991 UDP
"27720:TCP"= 27720:TCP:BitComet 27720 TCP
"27720:UDP"= 27720:UDP:BitComet 27720 UDP
"9704:TCP"= 9704:TCP:BitComet 9704 TCP
"9704:UDP"= 9704:UDP:BitComet 9704 UDP
"27229:TCP"= 27229:TCP:BitComet 27229 TCP
"27229:UDP"= 27229:UDP:BitComet 27229 UDP
"8314:TCP"= 8314:TCP:BitComet 8314 TCP
"8314:UDP"= 8314:UDP:BitComet 8314 UDP
"13632:TCP"= 13632:TCP:BitComet 13632 TCP
"13632:UDP"= 13632:UDP:BitComet 13632 UDP
"14248:TCP"= 14248:TCP:BitComet 14248 TCP
"14248:UDP"= 14248:UDP:BitComet 14248 UDP
"19534:TCP"= 19534:TCP:BitComet 19534 TCP
"19534:UDP"= 19534:UDP:BitComet 19534 UDP
"6667:TCP"= 6667:TCP:6667
"6667:UDP"= 6667:UDP:6667

R0 PBADRV;PBADRV;C:\WINDOWS\system32\drivers\pbadrv.sys [2005-12-09 15:35]
S3 GTKCMOS;GTKCMOS;C:\WINDOWS\system32\GTKCMOS.sys [2004-06-15 14:55]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46f47b13-5ce3-11dc-86bb-0019b96952d2}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f48ebedc-56f1-11dc-86b7-0019b96952d2}]
\Shell\AutoRun\command - Installer.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-08 00:08:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 08:40:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc24.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\DOCUME~1\KARLZI~1\LOCALS~1\temp\A~NSISu_.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2008-05-10 8:47:55 - machine was rebooted [Karl Zipple]
ComboFix-quarantined-files.txt 2008-05-10 13:47:49

Pre-Run: 64,656,785,408 bytes free
Post-Run: 64,554,237,952 bytes free

209 --- E O F --- 2008-04-11 13:00:23

#6 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 10 May 2008 - 06:52 PM

Nothing there... how is it running, please? You sure did fix a lot with HijackThis. I haven't looked through every bit of it, but enough to see you have legit programs stopped. Are you sure you haven't fixed something essential that's contributed to your problem?
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#7 KarlZ2

  • Topic Starter
  • Members
  • 4 posts

Posted 11 May 2008 - 11:41 AM

It ran great for about four hours, wherein I did nothing unusual. I came back from dinner... and it appeared to have the same problems. I haven't done anything else to fix it since then. I don't know if it's different, but here's the new HJT log:
Deckard's System Scanner v20071014.68
Run by Karl Zipple on 2008-05-11 11:12:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Karl Zipple.exe) -----------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-11 11:12:35
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Program Files\PharosSystems\Core\CTskMstr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Karl Zipple\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=3070430
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} () - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\Program Files\PharosSystems\Core\CTskMstr.exe
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\system32\WLTRYSVC.EXE


--
End of file - 6221 bytes

-- Files created between 2008-04-11 and 2008-05-11 -----------------------------

2008-05-10 20:52:35 169 --a------ C:\Start_.cmd
2008-05-10 09:54:14 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\Magic Set Editor
2008-05-10 09:53:35 0 d-------- C:\Program Files\Magic Set Editor 2
2008-05-09 21:00:35 68096 --a------ C:\WINDOWS\zip.exe
2008-05-09 21:00:35 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-09 21:00:35 98816 --a------ C:\WINDOWS\sed.exe
2008-05-09 21:00:35 80412 --a------ C:\WINDOWS\grep.exe
2008-05-09 21:00:35 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-09 21:00:34 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-09 21:00:33 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-09 21:00:32 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-09 18:16:37 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\Malwarebytes
2008-05-09 18:16:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-09 18:16:05 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-08 20:39:07 0 d-------- C:\VundoFix Backups
2008-05-08 20:38:39 0 d-------- C:\!KillBox
2008-05-08 13:32:00 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\SiteAdvisor
2008-05-08 13:32:00 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-05-08 13:32:00 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-07 16:28:53 0 d--h----- C:\Program Files\Zero G Registry
2008-05-07 16:28:53 0 d-------- C:\Program Files\NetLogo 4.0.2
2008-05-07 16:28:41 0 d--h----- C:\Documents and Settings\Karl Zipple\InstallAnywhere
2008-05-07 14:28:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Ableton
2008-05-07 14:28:31 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\Ableton
2008-05-04 19:45:59 0 d-------- C:\Program Files\iPod
2008-05-04 19:45:48 0 d-------- C:\Program Files\iTunes
2008-05-04 19:45:31 0 d-------- C:\Program Files\Bonjour
2008-05-01 14:05:02 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-05-01 13:56:28 0 d-------- C:\Program Files\Utherverse Digital Inc
2008-04-30 15:00:09 0 d-------- C:\WINDOWS\pss
2008-04-30 14:58:35 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\Spybot - Search & Destroy
2008-04-27 16:47:12 0 d-------- C:\Program Files\Cloudbrain
2008-04-24 19:26:25 76644 --a------ C:\WINDOWS\War3Unin.dat
2008-04-24 19:26:24 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-04-24 19:26:24 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-04-23 20:59:15 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\Argali
2008-04-19 12:36:16 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-04-19 10:43:01 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\DAEMON Tools
2008-04-19 10:41:04 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-15 19:04:25 0 d-------- C:\Documents and Setting


-- Find3M Report ---------------------------------------------------------------

2008-05-11 10:49:48 0 d-------- C:\Program Files\Warcraft III
2008-05-11 10:15:16 103 --a------ C:\WINDOWS\popcinfo.dat
2008-05-10 20:52:33 0 d-------- C:\Program Files\Symantec AntiVirus
2008-05-10 20:29:06 0 d-------- C:\Program Files\Common Files
2008-05-08 23:06:02 0 d-------- C:\Program Files\Common Files\Real
2008-05-08 23:03:58 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\Real
2008-05-04 19:13:58 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\Skype
2008-05-04 19:08:29 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\skypePM
2008-04-30 15:22:16 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\dvdcss
2008-04-30 09:32:48 0 d-------- C:\Program Files\PopCap Games
2008-04-30 09:32:33 0 d-------- C:\Program Files\WildGames
2008-04-25 16:46:05 1669 --a------ C:\WINDOWS\mozver.dat
2008-04-22 15:34:19 0 d-------- C:\Program Files\Diablo II
2008-04-22 15:34:02 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-04-21 09:20:30 0 d-------- C:\Program Files\BitComet
2008-04-20 10:26:27 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-14 20:12:30 0 d-------- C:\Program Files\Magic Workstation
2008-04-10 16:23:33 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\Apple Computer
2008-04-10 11:05:31 0 d-------- C:\Program Files\QuickTime
2008-04-04 22:07:08 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\Wizards of the Coast
2008-04-04 18:40:16 368640 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-03-31 17:23:24 0 d-------- C:\Program Files\Trend Micro
2008-03-29 10:05:51 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\EssentialPIM
2008-03-29 10:04:27 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\EssentialPIM Pro
2008-03-18 19:23:20 154 --a------ C:\WINDOWS\popcinfot.dat
2008-03-11 15:23:05 0 d-------- C:\Documents and Settings\Karl Zipple\Application Data\EndNote
2008-03-11 15:17:45 0 d-------- C:\Program Files\EndNote X
2008-03-11 15:15:19 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-11 15:14:40 0 d-------- C:\Program Files\EndNoteX
2008-02-20 15:22:07 11264 --a------ C:\WINDOWS\system32\PSS53BF5.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-20 15:22:07 11264 --a------ C:\WINDOWS\system32\PSS53BF4.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-20 15:22:07 11264 --a------ C:\WINDOWS\system32\PSS53BF3.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-20 15:22:07 11264 --a------ C:\WINDOWS\system32\PSS53BF2.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-20 15:22:07 11264 --a------ C:\WINDOWS\system32\PSS53BF1.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-20 15:22:07 11264 --a------ C:\WINDOWS\system32\PSS53BF0.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-20 15:22:07 11264 --a------ C:\WINDOWS\system32\PSS53BEF.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-20 15:22:07 11264 --a------ C:\WINDOWS\system32\PSS53BEE.DLL <Not Verified; Pharos Systems International; PHAROS>
2008-02-20 15:22:07 11264 --a------ C:\WINDOWS\system32\PSS53BED.DLL <Not Verified; Pharos Systems International; PHAROS>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46f47b13-5ce3-11dc-86bb-0019b96952d2}]
AutoRun\command- E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f48ebedc-56f1-11dc-86b7-0019b96952d2}]
AutoRun\command- Installer.exe




-- End of Deckard's System Scanner: finished at 2008-05-11 11:16:55 ------------

Thanks for your continued help.
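
The two registry dumps posted in this thread (the "Reg Loading Points" block in the ComboFix log above and the "Registry Dump" block in this second DSS log) are where a malware responder looks first: the firewall exception list, the globally opened ports, the LSA Authentication Packages value, the MountPoints2 AutoRun commands, and any service whose image lives under TEMP. The Python script below is an added example, not part of this thread and not code from ComboFix, DSS or HijackThis. It parses both line syntaxes seen in the two logs (the bare `Authentication Packages REG_MULTI_SZ ...` line and the quoted `"Authentication Packages"=` form; `\Shell\AutoRun\command -` and `AutoRun\command-`) and lists the entries that merit a question. The sample input is constructed from lines copied out of the posted logs, with the BitComet port list cut to two entries, and the assumption that `msv1_0` is the only stock authentication package is the script's own. What it flags are items to identify, not verdicts: the logs name no vendor for `wvauth`, and the mchInjDrv image under TEMP and the unlabelled 6667 firewall exceptions are simply the entries a reader of this thread would want explained.

```python
"""Triage of the registry sections of a DSS/ComboFix log (added example)."""
import re

# Assumption (not from the log): msv1_0 is the only stock LSA authentication
# package on Windows XP; anything else means "identify it", not "malware".
DEFAULT_AUTH_PACKAGES = {"msv1_0"}

# Constructed input: lines copied from the logs posted in this thread, with the
# BitComet port list cut to two entries.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Documents and Settings\\Karl Zipple\\Desktop\\AoE\\age2_x1.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11112:TCP"= 11112:TCP:BitComet 11112 TCP
"11112:UDP"= 11112:UDP:BitComet 11112 UDP
"6667:TCP"= 6667:TCP:6667
"6667:UDP"= 6667:UDP:6667
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46f47b13-5ce3-11dc-86bb-0019b96952d2}]
\Shell\AutoRun\command - E:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f48ebedc-56f1-11dc-86b7-0019b96952d2}]
AutoRun\command- Installer.exe
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc24.tmp"
"""

# Both line syntaxes seen in the ComboFix and DSS dumps are accepted.
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
AUTH_RE = re.compile(r'^"?Authentication Packages"?\s*(?:REG_MULTI_SZ\s*)?=?\s*(.*)$', re.I)
AUTORUN_RE = re.compile(r'^\\?(?:Shell\\)?AutoRun\\command\s*-\s*(.*)$', re.I)
IMAGE_RE = re.compile(r'^"ImagePath"="(.*)"$', re.I)

def parse_sections(text):
    """Map each lower-cased [KEY] header to the non-empty lines beneath it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections

def _lines(sections, key_part):
    """(key, line) for every line of every section whose key contains key_part."""
    return [(k, l) for k, v in sections.items() if key_part in k for l in v]

def open_ports(sections):
    """(port, proto, label) per GloballyOpenPorts entry; installers and the
    firewall UI normally write a program name into the label."""
    hits = [PORT_RE.match(l) for _, l in _lines(sections, r"globallyopenports\list")]
    return [(int(m.group(1)), m.group(2), m.group(3).strip()) for m in hits if m]

def unlabelled_ports(sections):
    """Open ports whose label is empty or merely repeats the port number."""
    return [(p, proto) for p, proto, label in open_ports(sections)
            if not label or label.isdigit()]

def profile_path_exceptions(sections):
    """Firewall-authorized programs that live under a (user-writable) profile."""
    paths = [l.strip('"=').replace("\\\\", "\\")
             for _, l in _lines(sections, r"authorizedapplications\list")]
    return [p for p in paths if "\\documents and settings\\" in p.lower()]

def nondefault_auth_packages(sections):
    """LSA Authentication Packages beyond msv1_0. These DLLs are loaded into
    lsass.exe and handed logon credentials, so every name must be accounted for."""
    found = set()
    for _, l in _lines(sections, r"\control\lsa"):
        m = AUTH_RE.match(l)
        if m:
            found.update(m.group(1).split())
    return sorted(found - DEFAULT_AUTH_PACKAGES)

def autorun_commands(sections):
    """(volume GUID, command) per MountPoints2 AutoRun command; Explorer runs
    the command when the matching removable volume is opened."""
    hits = [(k, AUTORUN_RE.match(l)) for k, l in _lines(sections, r"\mountpoints2\{")]
    return [(k.rsplit("\\", 1)[-1], m.group(1).strip()) for k, m in hits if m]

def temp_image_services(sections):
    """(service name, ImagePath) for services whose image sits in a TEMP directory."""
    hits = [(k, IMAGE_RE.match(l)) for k, l in _lines(sections, "\\services\\")]
    return [(k.rsplit("\\", 1)[-1], m.group(1)) for k, m in hits
            if m and re.search(r"\\temp\\", m.group(1), re.I)]

def triage(text):
    """Run every check over one log and return findings keyed by check name."""
    s = parse_sections(text)
    return {f.__name__: f(s) for f in (unlabelled_ports, profile_path_exceptions,
                                       nondefault_auth_packages, autorun_commands,
                                       temp_image_services)}

if __name__ == "__main__":
    for name, hits in triage(SAMPLE_LOG).items():
        print(name, hits)
```

Run as-is it reports the two 6667 entries, the Desktop executable in the firewall exception list, `wvauth`, both AutoRun commands and the mchInjDrv service. To use it on a real log, paste the whole "Reg Loading Points" or "Registry Dump" block in place of `SAMPLE_LOG`; sections the parser does not know about are simply ignored.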

#8 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 11 May 2008 - 12:25 PM

Hello there,

You had so much going on with malware... I honestly don't know if that has caused the continuing problems, or if you have a problem with software clashing somewhere. Have you tried checking the services one by one to see if that tells you anything?

#9 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 23 May 2008 - 07:59 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.