
Infected With Dee Woo


  • This topic is locked
3 replies to this topic

#1 Muzzy45

Muzzy45

  • Members
  • 3 posts
  • OFFLINE
  • Local time:10:58 PM

Posted 14 May 2008 - 11:42 PM

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-05-14 23:37:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 89% (more than 75%).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-14 23:39:28
Platform: Windows 2000 Service Pack 4 (5.00.2195)
MSIE: Internet Explorer (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\system32\SMSS.EXE
C:\WINNT\system32\WINLOGON.EXE
C:\WINNT\system32\SERVICES.EXE
C:\WINNT\system32\LSASS.EXE
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\McAfee.com\VSO\mcvsrte.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\wbem\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\McAfee.com\VSO\McShield.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\tp4serv.exe
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\ThinkPad\Utilities\TP98TRAY.EXE
C:\Program Files\ThinkPad\Utilities\TPHKMGR.EXE
C:\WINNT\system32\prpcui.exe
C:\WINNT\system32\ltmsg.exe
C:\Program Files\LexmarkX83\ACMonitor_X83.exe
C:\Program Files\LexmarkX83\AcBtnMgr_X83.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\Dantz\Retrospect Express HD\RetroExpress.exe
C:\WINNT\MXOALDR.EXE
C:\WINNT\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\McAfee\SpamKiller\MSKAgent.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\winvi\wupda.exe
C:\CFGSAFE\AUTOCHK.EXE
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: DbarBHO - {CC11617C-259E-429c-9063-7D70B8355EBD} - C:\Program Files\dbar\deskbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\Program Files\McAfee.com\VSO\mcvsshl.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [TpHotkey] C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\system32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [MXOBG] C:\WINNT\MXOALDR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{31-15-50-03-DW}] c:\winnt\system32\jmwnw64m.exe DWramFF
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\Administrator\Application Data\Deskbar_{6B396F16-50DF-4cef-9F51-02AAA0DB02DD}\starter.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: AUTOCHK.LNK = C:\CFGSAFE\AUTOCHK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} () - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/0/A...01F/wmvadvd.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.com/CAB/...8278.7250694444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{B9D14AC8-D947-4E9C-A8F5-359B0D702618}: NameServer = 209.253.171.61,209.253.171.62
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\system32\dmadmin.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program Files\McAfee.com\VSO\McShield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - C:\Program Files\McAfee.com\VSO\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect Express HD\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe


--
End of file - 9630 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 NaiFsRec - c:\winnt\system32\drivers\naifsrec.sys
R0 ROFF - c:\winnt\system32\drivers\roff.sys <Not Verified; Dantz Development Corporation; ROFF™>
R1 MPFIREWL - c:\winnt\system32\drivers\mpfirewall.sys <Not Verified; McAfee Security; McAfee Personal Firewall Plus>
R1 ndisipp - c:\winnt\system32\drivers\ndisipp.sys
R1 Smapint - c:\winnt\system32\drivers\smapint.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R1 TDSMAPI - c:\winnt\system32\drivers\tdsmapi.sys
R1 TPHKDRV - c:\winnt\system32\drivers\tphkdrv.sys <Not Verified; IBM Corporation; ThinkPad OnScreenDisplay>
R1 TPPWR - c:\winnt\system32\drivers\tppwr.sys <Not Verified; IBM Corp.; IBM ThinkPad Utility>
R2 PMEM - c:\winnt\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R2 PRPC - c:\winnt\system32\drivers\prpc.sys <Not Verified; Intel Corp.; Intel® SpeedStep™ technology applet>
R3 CBTNDIS5 (CBTNDIS5 NDIS Protocol Driver) - c:\winnt\system32\cbtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 NaiFiltr - c:\program files\mcafee.com\vso\naifiltr.sys

S2 P2k (Motorola USB Device) - c:\winnt\system32\drivers\p2k.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 MskService (McAfee SpamKiller Server) - c:\progra~1\mcafee\spamki~1\msksrvr.exe <Not Verified; Networks Associates Technology. Inc.; McAfee SpamKiller>
R2 RetroExpLauncher (Retrospect Express HD Launcher) - c:\progra~1\dantz\retros~1\retrorun.exe <Not Verified; Dantz Development Corporation; Retrospect>

S2 NICSer_WPC54G - c:\program files\linksys\wireless-g notebook adapter\nicserv.exe
S2 RetroExp Helper (Retrospect Express HD Restore Helper) - "c:\progra~1\dantz\retros~1\rthlpsvc.exe" <Not Verified; Dantz Development Corporation; Retrospect>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: Motorola USB Modem
Device ID: ROOT\MODEM\0002
Manufacturer: %Motorola%
Name: Motorola USB Modem #2
PNP Device ID: ROOT\MODEM\0002
Service: Modem

Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: Motorola USB Modem
Device ID: ROOT\UNKNOWN\0000
Manufacturer: %Motorola%
Name: Motorola USB Modem
PNP Device ID: ROOT\UNKNOWN\0000
Service: Modem

Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: Motorola USB Modem
Device ID: ROOT\UNKNOWN\0001
Manufacturer: %Motorola%
Name: Motorola USB Modem #3
PNP Device ID: ROOT\UNKNOWN\0001
Service: Modem


-- Scheduled Tasks -------------------------------------------------------------

2008-05-14 23:23:20 492 --a------ C:\WINNT\Tasks\McAfee.com Update Check (JEFFREY-P17U27N-Administrator).job


-- Files created between 2008-04-14 and 2008-05-14 -----------------------------

2008-05-14 23:19:21 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_4c8.dat
2008-05-14 23:19:04 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_5ec.dat
2008-05-14 10:07:35 68096 --a------ C:\WINNT\zip.exe
2008-05-14 10:07:35 161792 --a------ C:\WINNT\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-14 10:07:35 98816 --a------ C:\WINNT\sed.exe
2008-05-14 10:07:35 80412 --a------ C:\WINNT\grep.exe
2008-05-14 10:07:35 73728 --a------ C:\WINNT\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-14 10:07:34 49152 --a------ C:\WINNT\VFind.exe
2008-05-14 10:07:34 212480 --a------ C:\WINNT\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-14 10:07:34 136704 --a------ C:\WINNT\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-13 20:17:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\McAfee.com Personal Firewall
2008-05-13 20:17:46 24576 --a------ C:\WINNT\system32\MpfApi.dll <Not Verified; McAfee Security; McAfee Personal Firewall Plus>
2008-05-13 20:17:45 83181 --a------ C:\WINNT\system32\drivers\MpFirewall.sys <Not Verified; McAfee Security; McAfee Personal Firewall Plus>
2008-05-13 20:15:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Deskbar_{6B396F16-50DF-4cef-9F51-02AAA0DB02DD}
2008-05-13 20:15:28 0 d-------- C:\Program Files\dbar
2008-05-13 20:09:25 43065 --a------ C:\WINNT\acdt-pid76.exe
2008-05-13 19:05:15 0 d-------- C:\Documents and Settings\Default User\Application Data\McAfee.com Personal Firewall
2008-05-13 19:03:05 0 d-------- C:\Documents and Settings\Administrator\Application Data\McAfee
2008-05-13 19:02:07 4512 --a------ C:\WINNT\system32\drivers\NaiFsRec.sys
2008-05-13 19:01:14 0 d-------- C:\Program Files\McAfee
2008-05-13 19:01:14 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-13 19:00:42 270336 -ra------ C:\WINNT\system32\mcgdmgr.dll <Not Verified; Networks Associates Technology, Inc; McAfee Security Download Control>
2008-05-13 19:00:41 0 d-------- C:\Program Files\McAfee.com
2008-05-13 18:45:28 147456 --a------ C:\WINNT\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2008-05-13 18:42:43 399943 --a------ C:\WINNT\four444444.exe
2008-05-13 18:42:42 136627 --a------ C:\WINNT\LOT66225.exe
2008-05-13 18:42:41 266607 --a------ C:\WINNT\two222222.exe
2008-05-13 18:42:39 49152 --a------ C:\WINNT\one11111.exe <Not Verified; ; Browser Driver>
2008-05-13 18:42:24 0 d-------- C:\Documents and Settings\Default User\Application Data\NetMon
2008-05-13 18:42:03 86144 --a------ C:\WINNT\system32\drivers\ndisipp.sys
2008-05-13 18:42:02 0 d-------- C:\WINNT\system32\polX
2008-05-13 18:42:02 0 d-------- C:\WINNT\system32\binR
2008-05-13 18:42:02 0 d-------- C:\Program Files\winvi
2008-05-13 18:42:01 0 d-------- C:\WINNT\system32\GUI2
2008-05-13 18:42:01 0 d-------- C:\WINNT\system32\3036a
2008-05-13 18:41:45 0 d-------- C:\WINNT\system32\dFrnx18
2008-05-12 22:43:26 0 d-------- C:\Program Files\Avanquest update
2008-05-12 22:42:31 0 d-------- C:\Program Files\Motorola Phone Tools <MOTORO~1>


-- Find3M Report ---------------------------------------------------------------

2008-05-13 20:05:08 1855 --a------ C:\WINNT\mozver.dat
2008-03-23 08:29:54 823912 ---h----- C:\WINNT\ShellIconCache


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC11617C-259E-429c-9063-7D70B8355EBD}]
11/14/07 06:36a 1486848 --a------ C:\Program Files\dbar\Deskbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="tp4serv.exe" [02/15/01 02:10a C:\WINNT\system32\tp4serv.exe]
"AtiPTA"="Atiptaxx.exe" [12/22/00 12:49p C:\WINNT\system32\atiptaxx.exe]
"SoundFusion"="cwcprops.cpl" [11/01/00 06:12p C:\WINNT\system32\cwcprops.cpl]
"tourpath"="regedit /s c:\winnt\tour.reg" []
"Synchronization Manager"="mobsync.exe" [06/19/03 12:05p C:\WINNT\system32\mobsync.exe]
"TPTRAY"="C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE" [11/21/00 11:55a]
"TpHotkey"="C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe" [10/11/00 08:59p]
"PRPCMonitor"="PRPCUI.exe" [01/06/00 08:00a C:\WINNT\system32\prpcui.exe]
"POINTER"="point32.exe" []
"LTWinModem1"="ltmsg.exe" [10/28/03 01:00a C:\WINNT\system32\ltmsg.exe]
"Lexmark X83 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe" [02/27/03 02:17p]
"Lexmark X83 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe" [06/14/01 12:42p]
"PrinTray"="C:\WINNT\system32\spool\DRIVERS\W32X86\3\printray.exe" [06/27/02 03:47a]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/08 04:25a]
"MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" [08/31/04 09:23a]
"RetroExpress"="C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe" [07/30/04 03:47p]
"MXOBG"="C:\WINNT\MXOALDR.EXE" [10/10/03 11:23a]
"LVCOMSX"="C:\WINNT\system32\LVCOMSX.EXE" [05/21/04 07:11p]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [06/01/04 11:09a]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [06/01/04 11:03a]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" []
"{31-15-50-03-DW}"="c:\winnt\system32\jmwnw64m.exe" []
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [03/07/05 03:07p]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [07/29/03 06:52p]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [08/08/03 06:02p]
"McAfee Guardian"="C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" [09/02/03 03:01a]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [03/07/05 03:05p]
"dbar_starter"="C:\Documents and Settings\Administrator\Application Data\Deskbar_{6B396F16-50DF-4cef-9F51-02AAA0DB02DD}\starter.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [09/04/07 04:40p]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [06/01/04 02:46a]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [11/07/06 07:29a]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/06 04:45p]
"WinUpdater"="C:\Program Files\winvi\update.exe" []
"WebSUpdater"="C:\Program Files\winvi\wupda.exe" [04/25/08 12:57a]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"




-- End of Deckard's System Scanner: finished at 2008-05-14 23:41:42 ------------


#2 Muzzy45

Muzzy45
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:10:58 PM

Posted 14 May 2008 - 11:44 PM

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows 2000 Professional (build 2195) SP 4.0
Architecture: X86; Language: English

CPU 0: Intel Pentium III processor
Percentage of Memory in Use: 89%
Physical Memory (total/avail): 255.48 MiB / 26.66 MiB
Pagefile Memory (total/avail): 617.21 MiB / 362.16 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1960.34 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 37.25 GiB total, 22.59 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - IC25N040ATCS05-0 - 37.26 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 37.26 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JEFFREY-P17U27N
ComSpec=C:\WINNT\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\JEFFREY-P17U27N
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Os2LibPath=C:\WINNT\system32\os2\dll;
Path=C:\WINNT\system32;C:\WINNT;C:\WINNT\system32\wbem;C:\PROGRAM FILES\THINKPAD\UTILITIES
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=080a
ProgramFiles=C:\Program Files
PROMPT=$P$G
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=JEFFREY-P17U27N
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINNT


-- User Profiles ---------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> MsiExec.exe /I{983DD781-10DA-4C25-8706-9E152DFCEF90}
A.D.A.M. Interactive Anatomy --> C:\WINNT\IsUninst.exe -f"C:\Program Files\A.D.A.M. Software\A.D.A.M. Interactive Anatomy\Uninst.isu"
Access ThinkPad --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D547B54E-ADCC-4AC5-89C7-7D0E1F2A4315}\setup.exe"
Acoustica MP3 CD Burner --> C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINNT\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINNT\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINNT\system32\MACROMED\SHOCKW~2\UNWISE.EXE C:\WINNT\system32\MACROMED\SHOCKW~2\INSTALL.LOG
AIM 6.0 --> C:\Program Files\AIM6\uninst.exe
ATI Display Driver Utilities --> rundll32 C:\WINNT\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avanquest update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9
C:\PROGRA~1\LEXMAR~1 --> C:\PROGRA~1\LEXMAR~1
CadStd --> C:\WINNT\uninst.exe -f"C:\Program Files\Apperson\CadStd\DeIsL1.isu" -c"C:\Program Files\Apperson\CadStd\_ISREG32.DLL"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera TWAIN Driver 6.7 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{458D973D-A2CF-4002-A599-170E43F78713} /l1033
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
ConfigSafe --> C:\WINNT\ILUNINST.EXE C:\CFGSAFE
dbar --> "C:\Program Files\dbar\dbaruninst.exe" /S _?=C:\Program Files\dbar
DirectX 8 Hotfix - KB839643 --> C:\WINNT\$NtUninstallKB839643-DirectX8$\spuninst\spuninst.exe
DirectX 8.1 Hotfix - KB839643 --> C:\WINNT\$NtUninstallKB839643-DirectX81$\spuninst\spuninst.exe
IBM ThinkPad On Screen Display --> C:\WINNT\IsUninst.exe -f"C:\Program Files\ThinkPad\Utilities\Unoscr.isu"
IBM ThinkPad Power Management Driver --> RunDll32.exe tpinspm.dll,Uninstall
IBM TrackPoint Support --> %SystemRoot%\System32\tp4unins.exe
IBM Update Connector --> msiexec /x "C:\IBMTools\Updater\IBM Update Connector.msi"
Intel SpeedStep technology Applet --> C:\WINNT\IsUninst.exe -f"C:\WINNT\System32\Intel® SpeedStep™ technology Applet.isu"
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
J2SE Runtime Environment 5.0 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech Print Service --> C:\PROGRA~1\LOGITECH\PRINTS~1\UNWISE.EXE C:\PROGRA~1\LOGITECH\PRINTS~1\INSTALL.LOG
Logitech QuickCam --> MsiExec.exe /I{0496D9E9-224B-4AFA-8F37-23B98D52F1EB}
Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Lucent Win Modem --> C:\WINNT\system32\ltremove.exe
Maxtor OneTouch --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3EC91FDF-FE9A-43D5-96C4-8A9C24372500} /l1033
McAfee Internet Security 6.0 --> MsiExec.exe /I{56D45213-8AD9-46C5-A393-EB21A760DD43}
McAfee SecurityCenter --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINNT\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Disc 2 --> MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 SR-1 Small Business --> MsiExec.exe /I{00030409-78E1-11D2-B60F-006097C998E7}
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual Studio 6.0 Enterprise Edition --> "C:\Program Files\Microsoft Visual Studio\Common\Setup\1033\Setup.exe"
Microsoft Web Publishing Wizard 1.53 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINNT\INF\wpie3x86.inf,WebPostUninstall
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Mozilla Firefox (2.0.0.9) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.12) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSN Messenger 7.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600820}
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
Odyssey Client --> MsiExec.exe /X{99D42EC7-652B-4819-B3E6-6450C815E03F}
PC-Doctor for Windows 2000 --> C:\WINNT\UNWISE.EXE C:\PROGRA~1\PC-DOC~1\INSTALL.LOG
Retrospect Express HD 1.0 --> MsiExec.exe /I{1E88F516-C8AA-4D17-9A54-8AB0768F34C1}
Security Update for Windows 2000 (KB941569) --> "C:\WINNT\$NtUninstallKB941569$\spuninst\spuninst.exe"
Shockwave --> C:\WINNT\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINNT\system32\MACROMED\SHOCKW~1\INSTALL.LOG
ThinkPad Assistant --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CAA544B-EFEE-4FA7-B414-F7A80345E916}\setup.exe"
ThinkPad Configuration --> C:\WINNT\IsUninst.exe -f"C:\Program Files\ThinkPad\Utilities\Uninst.isu" -c"C:\Program Files\ThinkPad\Utilities\tpinst32.dll"
ThinkPad FullScreen Magnifier --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\ThinkPad\UZoom\TpUZoom.inf
USB Storage Adapter FX (MXO) --> MXOun.exe MXOFX
Windows Media Player 9 Hotfix [See KB885492 for more information] --> C:\WINNT\$NtUninstallKB885492$\spuninst\spuninst.exe
Windows Media Player system update (9 Series) --> C:\PROGRA~1\WINDOW~2\setup_wm.exe /Uninstall
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Wireless-G Notebook Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A2EDF5F-F3C6-4919-AE34-C08A71AD034A}\Setup.exe" -l0x9


-- Application Event Log -------------------------------------------------------

Event Record #/Type1435 / Warning
Event Submitted/Written: 05/13/2008 07:07:52 PM
Event ID/Source: 61 / WinMgmt
Event Description:
WMI ADAP was unable to process the PerfProc performance library due to a time violation in the close function

Event Record #/Type1434 / Warning
Event Submitted/Written: 05/13/2008 07:06:51 PM
Event ID/Source: 61 / WinMgmt
Event Description:
WMI ADAP was unable to process the PerfProc performance library due to a time violation in the collect function



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type6070 / Error
Event Submitted/Written: 05/14/2008 11:23:19 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Task Scheduler service failed to start due to the following error:
%%1083

Event Record #/Type6069 / Error
Event Submitted/Written: 05/14/2008 11:23:14 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Task Scheduler service failed to start due to the following error:
%%1083

Event Record #/Type6068 / Error
Event Submitted/Written: 05/14/2008 11:23:11 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Task Scheduler service failed to start due to the following error:
%%1083

Event Record #/Type6067 / Error
Event Submitted/Written: 05/14/2008 11:23:06 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Task Scheduler service failed to start due to the following error:
%%1083

Event Record #/Type6066 / Error
Event Submitted/Written: 05/14/2008 11:23:02 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Task Scheduler service failed to start due to the following error:
%%1083



-- End of Deckard's System Scanner: finished at 2008-05-14 23:41:42 ------------

#3 Muzzy45

Muzzy45
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:10:58 PM

Posted 17 May 2008 - 11:00 AM

I think I have it under control guys. I downloaded and ran AdAware and it seems to have taken care of it. Probably should have done that first. Thanks anyway!

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:10:58 PM

Posted 05 June 2008 - 01:39 PM

Thanks for letting us know. :thumbsup:


Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?



