
Strange Error On Logging In; Dss And Hijack Logs Included - Computer 2


  • This topic is locked
2 replies to this topic

#1 Kydd

  • Members
  • 2 posts
  • OFFLINE
  • Local time:05:44 AM

Posted 20 May 2008 - 11:03 AM

Deckard's System Scanner v20071014.68

Run by rey on 2008-05-20 11:52:44

Computer is in Normal Mode.


-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --

1: 2008-05-20 15:52:49 UTC - RP1 - System Checkpoint

Backed up registry hives.

Performed disk cleanup.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2008-05-20 11:56:33

Platform: Windows XP Service Pack 2 (5.01.2600)

MSIE: Internet Explorer (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\system32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\COMPAQ\Compaq Management Agents\Cpqalert.exe

C:\WINDOWS\Cpqdiag\CPQDFWAG.EXE

C:\Program Files\COMPAQ\Compaq Management Agents\cpqWebDmi\Webdmi.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\system32\DWRCS.EXE

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\COMPAQ\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe

C:\Program Files\COMPAQ\Compaq Management Agents\Cpqdmi.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Symantec AntiVirus\VPTray.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\rey\Local Settings\Temporary Internet Files\Content.IE5\8H2F812B\dss[1].exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cae-nyc.org/intranet

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cae-nyc.org/intranet

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cae-nyc.org/intranet

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar3.dll

O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://www.staples.com (HKCU)

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc3.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O17 - HKLM\Software\..\Telephony: DomainName = cae-nyc.com

O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{5F242527-E1F0-4094-B52F-109C62E33852}: NameServer = 10.0.225.240

O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = cae-nyc.com

O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: Domain = cae-nyc.com

O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = cae-nyc.com

O18 - Protocol: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll

O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll

O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL

O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL

O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL

O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Program Files\COMPAQ\Compaq Management Agents\Cpqalert.exe

O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINDOWS\Cpqdiag\CPQDFWAG.EXE

O23 - Service: cpqdmi - Compaq Computer Corporation - C:\Program Files\COMPAQ\Compaq Management Agents\Cpqdmi.exe

O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\Program Files\COMPAQ\Compaq Management Agents\cpqWebDmi\Webdmi.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\system32\DWRCS.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Unknown owner - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.Exe

O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: WIN32SL - Intel - C:\Program Files\COMPAQ\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe

O24 - Desktop Component 0: - file:///C:/DOCUME~1/rey/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg



--

End of file - 9872 bytes



-- File Associations -----------------------------------------------------------



.js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe,2

.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe" "%1"





-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------



R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys

R1 ClntMgmt (Compaq Client Management Driver) - c:\windows\system32\drivers\clntmgmt.sys <Not Verified; Compaq Computer Corp; Compaq Client Management Driver>

R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>



S3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys (file missing)

S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)

S3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan>





-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------



R2 CPQALERT (Compaq Local Alerter) - c:\program files\compaq\compaq management agents\cpqalert.exe <Not Verified; Compaq Computer Corporation; Compaq Management Agents>

R2 CpqDfwWebAgent (Compaq Remote Diagnostics Enabling Agent) - c:\windows\cpqdiag\cpqdfwag.exe <Not Verified; Compaq Computer Corporation; Compaq Remote Diagnostics Enabling Agent>

R2 cpqdmi - c:\progra~1\compaq\compaq~1\cpqdmi.exe <Not Verified; Compaq Computer Corporation; Compaq Management Agents>

R2 cpqWebDmi (Compaq DMI Web Agent) - c:\progra~1\compaq\compaq~1\cpqweb~1\webdmi.exe <Not Verified; Compaq Computer Corporation; Compaq Management Agents>

R2 DWMRCS (DameWare Mini Remote Control) - c:\windows\system32\dwrcs.exe -service <Not Verified; DameWare Development LLC; DameWare Development DWRCS>

R2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>

R2 WIN32SL - c:\program files\compaq\compaq management agents\dmi\win32\bin\win32sl.exe <Not Verified; Intel; DMI 2.0 SDK>



S2 McShield (Network Associates McShield) - "c:\program files\network associates\virusscan\mcshield.exe" (file missing)

S2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" (file missing)

S2 NMSSvc (Intel® NMS) - c:\windows\system32\nmssvc.exe <Not Verified; Intel Corporation; NMS>





-- Device Manager: Disabled ----------------------------------------------------



No disabled devices found.





-- Scheduled Tasks -------------------------------------------------------------



2008-05-20 09:26:35 408 --a------ C:\Windows\Tasks\At1.job





-- Files created between 2008-04-20 and 2008-05-20 -----------------------------



2008-05-14 06:48:52 0 d-------- C:\Windows\LastGood

2008-05-09 11:30:54 0 d-------- C:\Documents and Settings\debra\Application Data\Macromedia

2008-05-09 11:30:54 0 d-------- C:\Documents and Settings\debra\Application Data\Adobe

2008-05-09 11:29:32 0 d-------- C:\Documents and Settings\debra\Application Data\Mozilla

2008-05-09 11:18:17 0 d-------- C:\Documents and Settings\debra\Application Data\Google

2008-05-09 11:16:06 0 d--h----- C:\Documents and Settings\debra\Templates

2008-05-09 11:16:06 0 dr------- C:\Documents and Settings\debra\Start Menu

2008-05-09 11:16:06 0 dr-h----- C:\Documents and Settings\debra\SendTo

2008-05-09 11:16:06 0 dr-h----- C:\Documents and Settings\debra\Recent

2008-05-09 11:16:06 0 d--h----- C:\Documents and Settings\debra\PrintHood

2008-05-09 11:16:06 0 d--h----- C:\Documents and Settings\debra\NetHood

2008-05-09 11:16:06 0 dr------- C:\Documents and Settings\debra\My Documents

2008-05-09 11:16:06 0 d--h----- C:\Documents and Settings\debra\Local Settings

2008-05-09 11:16:06 0 dr------- C:\Documents and Settings\debra\Favorites

2008-05-09 11:16:06 0 d-------- C:\Documents and Settings\debra\Desktop

2008-05-09 11:16:06 0 d--hs---- C:\Documents and Settings\debra\Cookies

2008-05-09 11:16:06 0 dr-h----- C:\Documents and Settings\debra\Application Data

2008-05-09 11:16:06 0 d---s---- C:\Documents and Settings\debra\Application Data\Microsoft

2008-05-09 11:16:06 0 d-------- C:\Documents and Settings\debra\Application Data\Identities

2008-05-09 11:16:05 1048576 --ah----- C:\Documents and Settings\debra\NTUSER.DAT





-- Find3M Report ---------------------------------------------------------------



2008-04-29 12:05:08 0 d-------- C:\Program Files\Common Files\Blackbaud

2008-04-23 09:35:25 0 d-------- C:\Program Files\Symantec AntiVirus





-- Registry Dump ---------------------------------------------------------------



*Note* empty entries & legit default entries are not shown





[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Synchronization Manager"="C:\Windows\system32\mobsync.exe" [08/04/2004 03:56 AM]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [06/02/2005 10:21 AM]

"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [06/23/2005 08:27 PM]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/09/2006 12:05 PM]



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/27/2007 10:36 AM]

"ctfmon.exe"="C:\Windows\system32\ctfmon.exe" [08/04/2004 03:56 AM]



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]

"CPQDFWAG"=C:\Windows\Cpqdiag\CpqDfwAg.exe



C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [9/13/2002 7:23:32 PM]



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=0 (0x0)



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"DisablePersonalDirChange"=1 (0x1)



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-746137067-1801674531-1113\Scripts\Logon\0\0]

"Script"=login.bat



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-746137067-1801674531-1117\Scripts\Logon\0\0]

"Script"=login.bat



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-746137067-1801674531-1127\Scripts\Logon\0\0]

"Script"=login.bat



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-746137067-1801674531-1147\Scripts\Logon\0\0]

"Script"=login.bat



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-746137067-1801674531-1152\Scripts\Logon\0\0]

"Script"=login.bat



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-746137067-1801674531-1153\Scripts\Logon\0\0]

"Script"=login.bat



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-746137067-1801674531-1156\Scripts\Logon\0\0]

"Script"=login.bat



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-746137067-1801674531-1158\Scripts\Logon\0\0]

"Script"=login.bat



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-746137067-1801674531-1174\Scripts\Logon\0\0]

"Script"=login.bat



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-746137067-1801674531-1175\Scripts\Logon\0\0]

"Script"=login.bat



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-746137067-1801674531-1179\Scripts\Logon\0\0]

"Script"=login.bat



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-746137067-1801674531-1187\Scripts\Logon\0\0]

"Script"=login.bat



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-746137067-1801674531-1189\Scripts\Logon\0\0]

"Script"=login.bat



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-746137067-1801674531-1193\Scripts\Logon\0\0]

"Script"=login.bat



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-746137067-1801674531-1196\Scripts\Logon\0\0]

"Script"=kaseya.bat



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-746137067-1801674531-1196\Scripts\Logon\1\0]

"Script"=login.bat



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-746137067-1801674531-1200\Scripts\Logon\0\0]

"Script"=kaseya.bat



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-746137067-1801674531-1200\Scripts\Logon\1\0]

"Script"=login.bat



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-746137067-1801674531-1217\Scripts\Logon\0\0]

"Script"=login.bat



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-746137067-1801674531-1226\Scripts\Logon\0\0]

"Script"=login.bat



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-746137067-1801674531-1230\Scripts\Logon\0\0]

"Script"=kaseya.bat



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-746137067-1801674531-1230\Scripts\Logon\1\0]

"Script"=login.bat



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-746137067-1801674531-1232\Scripts\Logon\0\0]

"Script"=login.bat



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-746137067-1801674531-1617\Scripts\Logon\0\0]

"Script"=login.bat



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-746137067-1801674531-1621\Scripts\Logon\0\0]

"Script"=login.bat



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-746137067-1801674531-1633\Scripts\Logon\0\0]

"Script"=login.bat



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-746137067-1801674531-1634\Scripts\Logon\0\0]

"Script"=login.bat



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-746137067-1801674531-1638\Scripts\Logon\0\0]

"Script"=login.bat



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-746137067-1801674531-1664\Scripts\Logon\0\0]

"Script"=login.bat



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-823518204-746137067-1801674531-1676\Scripts\Logon\0\0]

"Script"=login.bat



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]

@="Service"



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChkAdmin]

C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPQEASYACC]

C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]

C:\Program Files\Analog Devices\SoundMAX\Smtray.exe





[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

AutoRun\command- E:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-05-20 11:57:16 ------------


Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------



-- System Information ----------------------------------------------------------



Microsoft Windows XP Professional (build 2600) SP 2.0

Architecture: X86; Language: English



CPU 0: Intel® Pentium® 4 CPU 2.00GHz

Percentage of Memory in Use: 47%

Physical Memory (total/avail): 1271.48 MiB / 669.82 MiB

Pagefile Memory (total/avail): 3126.81 MiB / 2795.08 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1899.47 MiB



A: is Removable (No Media)

C: is Fixed (NTFS) - 37.27 GiB total, 22.68 GiB free.

D: is CDROM (No Media)

H: is Network (NTFS)

S: is Network (NTFS)



\\.\PHYSICALDRIVE0 - WDC WD400BB-60CJA0 - 37.27 GiB - 1 partition

\PARTITION0 (bootable) - Installable File System - 37.27 GiB - C:







-- Security Center -------------------------------------------------------------



AUOptions is set to notify before install.

Windows Internal Firewall is disabled.



AV: Symantec AntiVirus Corporate Edition v10.0.1.1000 (Symantec Corporation)



[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"

"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"

"C:\\Paradigm5\\dbeng6.exe"="C:\\Paradigm5\\dbeng6.exe:*:Disabled:Adaptive Server Anywhere Database Engine"

"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"

"C:\\Program Files\\AIM95\\aim.exe"="C:\\Program Files\\AIM95\\aim.exe:*:Enabled:AOL Instant Messenger"

"C:\\Para51\\dbeng6.exe"="C:\\Para51\\dbeng6.exe:*:Enabled:Adaptive Server Anywhere Database Engine"

"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"

"C:\\Program Files\\Common Files\\AOL\\1140706933\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1140706933\\ee\\aolsoftware.exe:*:Enabled:AOL Services"

"C:\\Program Files\\Common Files\\AOL\\1140706933\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1140706933\\ee\\aim6.exe:*:Enabled:AIM"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"



[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\AIM95\\aim.exe"="C:\\Program Files\\AIM95\\aim.exe:*:Enabled:AOL Instant Messenger"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"





-- Environment Variables -------------------------------------------------------



;Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\rey\Application Data

CLASSPATH=C:\Program Files\QuickTime\QTSystem\QTJava.zip

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=CAE0301

ComSpec=C:\Windows\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\rey

LOGONSERVER=\\CAEDC1

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\Program Files\Internet Explorer;;C:\Program Files\Microsoft Office\OFFICE11\;C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\Bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Blackbaud\The Raisers Edge 7\

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=0204

ProgramFiles=C:\Program Files

PROMPT=$P$G

QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\Windows

TEMP=C:\DOCUME~1\rey\LOCALS~1\Temp

TMP=C:\DOCUME~1\rey\LOCALS~1\Temp

USERDNSDOMAIN=CAE-NYC.COM

USERDOMAIN=CAE

USERNAME=rey

USERPROFILE=C:\Documents and Settings\rey

WecVersionForRosebud.378=2

WIN32DMIPATH=C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32

windir=C:\Windows





-- User Profiles ---------------------------------------------------------------



Administrator (admin)

joe (admin)

stephanie (admin)

Intern (admin)

rudy (admin)

intern2 (new local, admin, net ready)

intern3 (admin)

wendy (new local, admin, net ready)

intern4 (admin)

intern1 (new local, admin, net ready)

kpoene (admin)

kate (new local, admin, net ready)

amanda (new local, admin, net ready)

skeh (new local, admin, net ready)

stacey (new local, admin, net ready)

jason (admin)

heather (new local, admin, net ready)

rey (admin)

kelley (admin)

sonja (new local, admin, net ready)

liz (admin)

jessica (new local, admin, net ready)

alice (admin)

cynthia (admin)

tydas (admin)

sharmeen (admin)

krista (admin)

debra (new local, admin, net ready)

Administrator.CAE (admin)





-- Add/Remove Programs ---------------------------------------------------------



--> C:\Windows\IsUninst.exe -fC:\Windows\orun32.isu

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{854A5F01-D692-11D4-A984-009027EC0A9C}\setup.exe"

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{945E2519-C2B9-11D3-9D56-0060B0A4823E}\setup.exe"

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD47EFC1-D692-11D4-A984-009027EC0A9C}\setup.exe"

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E518B2-B174-11D3-9D4E-0060B0A4823E}\setup.exe"

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Able2Extract v5.0 --> C:\Program Files\Investintech.com Inc\Able2Extract 5.0\Uninstal.exe

Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG

Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"

Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe

Belarc Advisor 6.1 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG

Big Fish Games Client --> C:\Program Files\bfgclient\Uninstall.exe

BlackBerry Desktop Software 4.1 --> MsiExec.exe /I{43B56C4F-0E82-472A-B0E0-A4A0C59CC26F}

BlackBerry Desktop Software 4.1 --> MsiExec.exe /i{43B56C4F-0E82-472A-B0E0-A4A0C59CC26F}

Bullzip PDF Printer 3.0.0.222 --> "C:\Program Files\Bullzip\PDF Printer\unins000.exe"

CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"

Compaq Management Agents --> C:\Windows\IsUninst.exe -f"C:\Program Files\Compaq\Compaq Management Agents\DeIsL1.isu" -c"C:\Program Files\Compaq\Compaq Management Agents\cpqdmun.dll"

Compaq Remote Diagnostics Enabling Agent --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71A470E1-27E7-424E-803A-F9C0D41968D3}\SETUP.EXE" -l0x9

Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

Crystal Report --> MsiExec.exe /I{F8B2F6A2-1429-44EF-A604-81CEF70B82CA}

CutePDF Writer 2.2 --> C:\Windows\system32\uninscpw.exe C:\Program Files\

Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"

Help Files 1 --> C:\Windows\uninstall\Help Files\setup.exe

Intel® 845G Chipset Graphics Driver Software --> RUNDLL32.EXE C:\Windows\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562

Intel® PRO Ethernet Adapter and Software --> Prounstl.exe

Intel® PROSet II --> MsiExec.exe /I{01A4AEDE-F219-49A2-B855-16A016EAF9A4}

J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}

Java 2 Runtime Environment, SE v1.4.2_13 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142130}

Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U

Macromedia Dreamweaver 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ABDA9912-5D00-11D4-BAE7-9367CA097955}\Setup.exe" mmUninstall

Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" mmUninstall

Microsoft Data Access Components KB870669 --> C:\Windows\muninst.exe C:\Windows\INF\KB870669.inf

Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}

Mozilla Firefox (2.0.0.14) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe

Opera 9.02 --> MsiExec.exe /X{738179D8-3D76-4AFF-A7BE-AEF3B4370CB4}

Paradigm 5.1A Client --> C:\Windows\IsUninst.exe -fC:\Para51\Uninst.isu -cC:\Para51\_UNODBC.DLL

QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033

Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Step By Step Interactive Training (KB898458) --> "C:\Windows\$NtUninstallKB898458$\spuninst\spuninst.exe"

Security Update for Step By Step Interactive Training (KB923723) --> "C:\Windows\$NtUninstallKB923723$\spuninst\spuninst.exe"

Setup Compaq Software --> C:\Windows\IsUninst.exe -f"C:\Program Files\COMPAQ\Setup Compaq Software\Uninst.isu" -c"C:\Program Files\COMPAQ\Setup Compaq Software\CPQUNST.DLL"

Shadow Copy Client --> MsiExec.exe /I{23E5032B-56CA-4C19-A72E-B50161DB82CA}

SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.EXE"

Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"

Symantec AntiVirus --> MsiExec.exe /I{3248E093-5288-4CA9-B3AB-11A675FEA1F9}

tcConference --> rundll32 C:\Windows\SYSTEM32\tc4.dll,uninstall

The Raiser's Edge --> MsiExec.exe /I{3ED92977-5FCD-11D3-9293-00104BD34E29}

WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

Yahoo! extras --> C:\Program Files\Yahoo!\Common\unycust.exe /S

Yahoo! Internet Mail --> C:\Windows\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll

Yahoo! Mail Quick Select Tool (PhotoMail) --> C:\PROGRA~1\Yahoo!\Common\unymb.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type22975 / Warning
Event Submitted/Written: 05/20/2008 09:54:10 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'WORDFiles' failed during request for component '{1EBDE4BC-9A51-4630-B541-2561FA45CCC5}'

Event Record #/Type22974 / Warning
Event Submitted/Written: 05/20/2008 09:54:10 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'WORDFiles', component '{1EBDE4BC-9A51-4630-B541-2561FA45CCC5}' failed. The resource 'C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE' does not exist.

Event Record #/Type22973 / Warning
Event Submitted/Written: 05/20/2008 09:54:10 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'WORDFiles' failed during request for component '{1EBDE4BC-9A51-4630-B541-2561FA45CCC5}'

Event Record #/Type22972 / Warning
Event Submitted/Written: 05/20/2008 09:54:10 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'WORDFiles', component '{1EBDE4BC-9A51-4630-B541-2561FA45CCC5}' failed. The resource 'C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE' does not exist.

Event Record #/Type22971 / Warning
Event Submitted/Written: 05/20/2008 09:37:49 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'WORDFiles' failed during request for component '{1EBDE4BC-9A51-4630-B541-2561FA45CCC5}'


-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type46522 / Warning
Event Submitted/Written: 05/20/2008 11:39:10 AM
Event ID/Source: 3019 / MRxSmb
Event Description:
The redirector failed to determine the connection type.

Event Record #/Type46521 / Warning
Event Submitted/Written: 05/20/2008 11:35:36 AM
Event ID/Source: 3019 / MRxSmb
Event Description:
The redirector failed to determine the connection type.

Event Record #/Type46520 / Warning
Event Submitted/Written: 05/20/2008 11:35:33 AM
Event ID/Source: 3019 / MRxSmb
Event Description:
The redirector failed to determine the connection type.

Event Record #/Type46519 / Warning
Event Submitted/Written: 05/20/2008 11:35:16 AM
Event ID/Source: 3019 / MRxSmb
Event Description:
The redirector failed to determine the connection type.

Event Record #/Type46518 / Warning
Event Submitted/Written: 05/20/2008 11:35:10 AM
Event ID/Source: 3019 / MRxSmb
Event Description:
The redirector failed to determine the connection type.

-- End of Deckard's System Scanner: finished at 2008-05-20 11:57:16 ------------
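As an added example (not part of the original post, and not code from Deckard's System Scanner), here is a small Python parser for the two log shapes pasted above: the `Name --> uninstall command` program list and the `Event Record #/Type` blocks. It turns them into records and then runs the checks a helper would otherwise do by eye on a log like this one: products with more than one Add/Remove entry, several Java runtimes installed side by side, a count of event-log entries per log, source and ID, and the path named in any MsiInstaller "resource ... does not exist" message. The text in `SAMPLE` is a constructed excerpt in the page's own format, and the function names are my own.

```python
import re
from collections import Counter

# Constructed excerpt in the shape of the DSS output above: a few program
# entries and event records, not the whole log.
SAMPLE = r"""
BlackBerry Desktop Software 4.1 --> MsiExec.exe /I{43B56C4F-0E82-472A-B0E0-A4A0C59CC26F}

BlackBerry Desktop Software 4.1 --> MsiExec.exe /i{43B56C4F-0E82-472A-B0E0-A4A0C59CC26F}

J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}

Java 2 Runtime Environment, SE v1.4.2_13 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142130}

Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

-- Application Event Log -------------------------------------------------------

Event Record #/Type22975 / Warning
Event Submitted/Written: 05/20/2008 09:54:10 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'WORDFiles' failed during request for component '{1EBDE4BC-9A51-4630-B541-2561FA45CCC5}'

Event Record #/Type22974 / Warning
Event Submitted/Written: 05/20/2008 09:54:10 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'WORDFiles', component '{1EBDE4BC-9A51-4630-B541-2561FA45CCC5}' failed. The resource 'C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE' does not exist.

-- System Event Log ------------------------------------------------------------

Event Record #/Type46522 / Warning
Event Submitted/Written: 05/20/2008 11:39:10 AM
Event ID/Source: 3019 / MRxSmb
Event Description:
The redirector failed to determine the connection type.

Event Record #/Type46521 / Warning
Event Submitted/Written: 05/20/2008 11:35:36 AM
Event ID/Source: 3019 / MRxSmb
Event Description:
The redirector failed to determine the connection type.

-- End of Deckard's System Scanner: finished at 2008-05-20 11:57:16 ------------
"""

PROGRAM_RE = re.compile(r"^(?P<name>.+?) --> (?P<cmd>.+)$")
SECTION_RE = re.compile(r"^-- (?P<title>.+?) -{3,}\s*$")
# Tolerates both "Type22975" (as pasted above) and "Type: 22975".
RECORD_RE = re.compile(r"^Event Record #/Type:?\s*(?P<num>\d+) / (?P<level>\w+)")
WRITTEN_RE = re.compile(r"^Event Submitted/Written:\s*(?P<ts>.+)$")
IDSRC_RE = re.compile(r"^Event ID/Source:\s*(?P<id>\d+) / (?P<src>\S+)")
MISSING_RE = re.compile(r"The resource '(?P<path>[^']+)' does not exist")
JAVA_RE = re.compile(r"\b(J2SE|Java)\b", re.I)


def parse_dss(text):
    """Return {'programs': [(name, cmd)], 'events': [dict]} from DSS-style text."""
    programs, events = [], []
    section, current, want_desc = None, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:                      # "-- Application Event Log ----" etc.
            section = m.group("title")
            current, want_desc = None, False
            continue
        if want_desc:              # first non-blank line after "Event Description:"
            current["description"] = line
            want_desc = False
            continue
        m = RECORD_RE.match(line)
        if m:                      # start of a new event record
            current = {"log": section, "record": int(m.group("num")),
                       "level": m.group("level")}
            events.append(current)
            continue
        if current is not None:
            m = WRITTEN_RE.match(line)
            if m:
                current["written"] = m.group("ts")
                continue
            m = IDSRC_RE.match(line)
            if m:
                current["id"] = int(m.group("id"))
                current["source"] = m.group("src")
                continue
            if line == "Event Description:":
                want_desc = True
                continue
        m = PROGRAM_RE.match(line)
        if m:                      # "Name --> uninstall command"
            programs.append((m.group("name"), m.group("cmd")))
    return {"programs": programs, "events": events}


def triage(parsed):
    """The by-eye checks a log helper does, as data."""
    names = Counter(name for name, _ in parsed["programs"])
    duplicates = sorted(n for n, c in names.items() if c > 1)
    java = sorted({n for n, _ in parsed["programs"] if JAVA_RE.search(n)})
    counts = Counter((e["log"], e.get("source"), e.get("id")) for e in parsed["events"])
    missing = sorted({m.group("path") for e in parsed["events"]
                      for m in [MISSING_RE.search(e.get("description", ""))] if m})
    return {"duplicate_programs": duplicates, "java_runtimes": java,
            "event_counts": counts, "missing_resources": missing}


if __name__ == "__main__":
    for key, value in triage(parse_dss(SAMPLE)).items():
        print(f"{key}: {value}")
```

Run against the full log above, the same code would flag the two BlackBerry and two CAPICOM entries, list the three Java runtimes sitting side by side, and show that the only Application-log noise is Office's missing WINWORD.EXE repeated five times, which separates installer clutter from anything an analyst actually needs to chase.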

#2 Billy O'Neal

Billy O'Neal
    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 16 June 2008 - 08:46 PM

Hello Kydd, and welcome to BleepingComputer.com.

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine)

We apologize for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

If you still would like help, please follow the following instructions:

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.



Next
Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
In your next reply, please make sure the following reports are present:
  • The Kaspersky scan report
  • DSS's Main.txt
  • DSS's Extra.txt

(In the event you lost your copy, you can download a new one from here: Deckard's System Scanner)
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 Billy O'Neal

Billy O'Neal
    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington


Posted 16 July 2008 - 11:51 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.
