Winfixer Ad Popup/ Virtumonde Infection


This topic is locked
2 replies to this topic

#1 navoxeno

  • Members
  • 3 posts
  • Gender:Male

Posted 21 May 2008 - 08:03 AM

Help, my computer has been infected by some sort of virus. When my computer turns on, a default background comes on that the virus put on. It says "Warning: spyware threat has been detected on your PC". If I let the computer sit for too long, roaches will come onto the screen and start eating the icons. I have tried VundoFix and VirtumundoBeGone and both were seemingly unsuccessful. Any time I try to go on the internet with the infected computer, it pops up with several random web sites. Most web sites are spyware removal sites that seem bogus. I had to use a "jumpdrive" to get the programs downloaded from this site to the infected computer. I'm at my end here, I cannot figure it out. Currently I'm on another computer; however, I did manage to get the HijackThis file. Here it is. Please help me, and thank you for your assistance!

Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-21 06:43:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
36: 2008-05-21 12:43:31 UTC - RP520 - Deckard's System Scanner Restore Point
35: 2008-05-19 14:48:34 UTC - RP519 - System Checkpoint
34: 2008-05-17 23:03:47 UTC - RP518 - Last known good configuration
33: 2008-05-17 23:03:32 UTC - RP517 - Software Distribution Service 3.0
32: 2008-05-17 23:03:29 UTC - RP516 - System Checkpoint


-- First Restore Point --
1: 2008-05-17 23:02:53 UTC - RP485 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 448 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-21 06:47:11
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TSI32\TSIRCUSR.exe
C:\WINDOWS\TSI32\TsiUser.exe
C:\WINDOWS\system32\xwusuhzh.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\Crypserv.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TSIRCSRV.exe
C:\Program Files\LapLink Gold\laplink.exe
C:\WINDOWS\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\ctfmona.exe
C:\WINDOWS\system32\scnttkdm.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\jswnw64n.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\winvi\wupda.exe
C:\Program Files\QdrModule\QdrModule16.exe
C:\Program Files\QdrPack\QdrPack16.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\InterMute\IMStart.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\rundll32.exe
K:\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\TSI32\tsircusr.exe,"c:\windows\tsi32\tsiuser.exe",C:\WINDOWS\system32\xwusuhzh.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O2 - BHO: (no name) - {613BCFA2-A61D-45FF-A239-727664C770E3} - C:\WINDOWS\system32\vtUlMgFY.dll
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll
O2 - BHO: {d35a80cd-122d-d9ab-add4-1f4831a17537} - {73571a13-84f1-4dda-ba9d-d221dc08a53d} - C:\WINDOWS\system32\foafwyju.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: mysidesearch browser optimizer - {bbe5f660-713e-7a9b-fe30-84963c0236d0} - C:\WINDOWS\system32\{eaeb2699-a19b-aa1f-388d-35c4cb5061c5}.dll
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: DbarBHO - {CC11617C-259E-429c-9063-7D70B8355EBD} - C:\Program Files\dbar\deskbar.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: gooochi browser optimizer - {d87cc400-66ca-9d5d-1ec9-bfb1f923023c} - C:\WINDOWS\system32\{158fb228-b0c7-fff4-3de0-24cb0e3d7c2e}.dll
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: (no name) - - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\scnttkdm.exe DWram
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [LapLink Server Proxy] "C:\Program Files\LapLink Gold\WProxy.exe" -l
O4 - HKLM\..\Run: [{D0-0D-D5-5F-DW}] C:\WINDOWS\system32\jswnw64n.exe DWram
O4 - HKLM\..\Run: [{f4859989-9034-05b9-da36-4dd1d0541b08}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{158fb228-b0c7-fff4-3de0-24cb0e3d7c2e}.dll" DllInit
O4 - HKLM\..\Run: [546d0df0] rundll32.exe "C:\WINDOWS\system32\wltbibnx.dll",b
O4 - HKLM\..\Run: [BM575e3e6c] Rundll32.exe "C:\WINDOWS\system32\jxxefqol.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKCU\..\Run: [QdrModule16] "C:\Program Files\QdrModule\QdrModule16.exe"
O4 - HKCU\..\Run: [QdrPack16] "C:\Program Files\QdrPack\QdrPack16.exe"
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\scnttkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jswnw64n.exe
O4 - Startup: IMStart.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SmartUI.lnk = C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\system32\Crypserv.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LapLink - Laplink Software, Inc. - C:\Program Files\LapLink Gold\laplink.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TSI Remote Control Service (TSIRCSRV) - Laplink Software, Inc. - C:\WINDOWS\system32\TSIRCSRV.exe
O23 - Service: Windows Action Script - Unknown owner - C:\WINDOWS\system32\scvhost.exe


--
End of file - 13547 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 NetworkX - c:\windows\system32\ckldrv.sys
R1 smbalii - c:\windows\system32\drivers\smbalii.sys
R1 tsircmir (LapLink Mirror Driver Miniport) - c:\windows\system32\drivers\tsircmir.sys <Not Verified; Laplink Software, Inc.; LAPLINK GOLD>
R2 hardlock - c:\windows\system32\drivers\hardlock.sys <Not Verified; Aladdin Knowledge Systems; Hardlock Device Driver for Windows NT>
R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys
R2 TSISER - c:\windows\system32\drivers\tsiser.sys <Not Verified; Laplink Software, Inc.; LAPLINK GOLD>
R2 TSISTRMX (Traveling Software Stream Driver) - c:\windows\system32\drivers\tsistrmx.sys <Not Verified; Laplink Software, Inc.; LAPLINK GOLD>
R2 wovstat - c:\windows\system32\spool\drivers\w32x86\2\wovstat.sys
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 TSIKBF5 (Traveling Software Keyboard Filter Driver) - c:\windows\system32\drivers\tsikbf5.sys <Not Verified; Laplink Software, Inc.; LAPLINK GOLD>
R3 TSIMSF5 (Traveling Software Mouse Filter Driver) - c:\windows\system32\drivers\tsimsf5.sys <Not Verified; Laplink Software, Inc.; LAPLINK GOLD>

S1 TSIRCINK (Traveling Software Install Driver) - c:\windows\system32\drivers\tsircink.sys <Not Verified; Laplink Software, Inc.; LAPLINK GOLD>
S2 HIT_PARA - c:\windows\system32\drivers\hit_para.sys
S3 ialm - c:\windows\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT®>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Crypkey License - crypserv.exe <Not Verified; Kenonic Controls Ltd.; CrypKey Software Licensing System>
R2 GEARSecurity (Gear Security Service) - c:\windows\system32\gearsec.exe <Not Verified; GEAR Software; gearsec>
R2 LapLink - "c:\program files\laplink gold\laplink.exe" <Not Verified; Laplink Software, Inc.; LAPLINK GOLD>
R2 TSIRCSRV (TSI Remote Control Service) - c:\windows\system32\tsircsrv.exe <Not Verified; Laplink Software, Inc.; LAPLINK GOLD>

S2 Windows Action Script - "c:\windows\system32\scvhost.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-20 19:27:01 622 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Owner.job


-- Files created between 2008-04-21 and 2008-05-21 -----------------------------

2008-05-21 06:27:35 2560 --a------ C:\WINDOWS\system32\ptoiefxc.exe
2008-05-21 06:25:48 83072 --a------ C:\WINDOWS\system32\wltbibnx.dll
2008-05-21 06:25:29 90224 --a------ C:\WINDOWS\system32\jxxefqol.dll
2008-05-20 21:36:24 0 d-------- C:\VundoFix Backups
2008-05-20 15:14:02 0 d-------- C:\WINDOWS\pss
2008-05-20 14:41:02 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-05-20 14:41:02 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-20 14:41:02 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-05-20 14:41:02 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-20 14:41:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-05-20 14:41:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-05-20 14:41:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-05-20 14:41:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-05-20 14:41:02 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-20 14:41:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-05-20 14:41:01 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-05-20 14:41:01 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-20 14:41:01 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-20 14:41:01 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-20 14:41:01 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-05-20 14:41:01 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-20 14:41:01 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-20 14:41:01 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-05-20 14:41:01 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-20 14:41:00 1310720 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-20 10:24:14 16636 --a------ C:\WINDOWS\system32\drivers\hosts
2008-05-20 10:24:14 16636 --a------ C:\WINDOWS\hosts
2008-05-20 10:24:12 17055 --a------ C:\bs.exe
2008-05-20 09:42:37 0 d-------- C:\Program Files\Windows Sidebar
2008-05-20 09:39:30 0 d-------- C:\Program Files\Norton Internet Security
2008-05-20 09:36:56 0 d-------- C:\Program Files\Symantec
2008-05-20 09:16:40 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-20 09:13:08 83024 --a------ C:\WINDOWS\system32\qoivljkp.dll
2008-05-20 09:06:56 2048 --a------ C:\WINDOWS\system32\ucxxpfvq.exe
2008-05-20 09:06:44 99856 --a------ C:\WINDOWS\system32\foafwyju.dll
2008-05-20 09:06:34 90160 --a------ C:\WINDOWS\system32\xkrxaywj.dll
2008-05-19 10:10:25 2048 --a------ C:\WINDOWS\system32\dsyqgjpb.exe
2008-05-19 10:07:49 99856 --a------ C:\WINDOWS\system32\dywydbrm.dll
2008-05-19 08:11:04 0 d-------- C:\Documents and Settings\Owner\Application Data\Deskbar_{D141E7FB-8670-4a79-946F-2D2652AB6B76}
2008-05-19 08:10:52 0 d-------- C:\Program Files\dbar
2008-05-19 08:06:32 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-05-19 07:55:20 439808 --a------ C:\WINDOWS\system32\{eaeb2699-a19b-aa1f-388d-35c4cb5061c5}.dll
2008-05-19 07:50:41 90160 --a------ C:\WINDOWS\system32\qphbcnmr.dll
2008-05-19 07:49:43 1344203 --ahs---- C:\WINDOWS\system32\PrBKRXbc.ini2
2008-05-19 07:49:15 314432 --a------ C:\WINDOWS\system32\cbXRKBrP.dll
2008-05-19 07:46:37 20992 --a------ C:\WINDOWS\system\run.exe
2008-05-19 07:46:36 10258 --a------ C:\delextra.exe <Not Verified; c; m>
2008-05-19 07:46:34 7680 --a------ C:\WINDOWS\system\delnew.exe
2008-05-19 07:46:33 11224 --a------ C:\WINDOWS\system\del.exe <Not Verified; y9053l92871d64272218r9300842h6n697461463w0k252844717e4p375912807u0n867490125d3e682679148u3f821904494w3a986278874y9053l92871d64272218r9300842h6n697461463w0k252844717e4p375912807u0n867490125d3e682679148u3f821904494w3a986278874y9053l92871d64272218r9300842h6n697461463w0k252844717e4p375912807u0n867490125d3e682679148u3f821904494w3a986278874y9053l92871d64272218r9300842h6n697461463w0k252844717e4p375912807u0n867490125d3e682679148u3f821904494w3a986278874; y9053l92871d64272218r9300842h6n697461463w0k252844717e4p375912807u0y9053l92871d64272218r9300842h6n697461463w0k252844717e4p375912807u0n867490125d3e682679148u3f821904494w3a986278874n867490125d3e682679148u3f821904494w3a986278874>
2008-05-19 07:46:23 21830 --a------ C:\gm.exe
2008-05-19 07:45:57 401972 --a------ C:\WINDOWS\system32\g26.exe
2008-05-17 17:04:44 90224 --a------ C:\WINDOWS\system32\bqrryuxx.dll
2008-05-17 17:02:55 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-05-17 17:02:50 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-17 17:02:41 459 --ahs---- C:\WINDOWS\system32\YFgMlUtv.ini2
2008-05-17 17:02:23 314416 --a------ C:\WINDOWS\system32\vtUlMgFY.dll
2008-05-17 16:53:35 24576 --a------ C:\WINDOWS\y.exe
2008-05-17 16:53:35 17664 --a------ C:\WINDOWS\xplugin.dll
2008-05-17 16:53:35 31232 --a------ C:\WINDOWS\x.exe
2008-05-17 16:53:34 16640 --a------ C:\WINDOWS\winmgnt.exe
2008-05-17 16:53:34 23808 --a------ C:\WINDOWS\window.exe
2008-05-17 16:53:34 23040 --a------ C:\WINDOWS\winajbm.dll
2008-05-17 16:53:34 25088 --a------ C:\WINDOWS\win64.exe
2008-05-17 16:53:33 16640 --a------ C:\WINDOWS\win32e.exe
2008-05-17 16:53:33 21248 --a------ C:\WINDOWS\waol.exe
2008-05-17 16:53:33 30976 --a------ C:\WINDOWS\users32.exe
2008-05-17 16:53:33 8960 --a------ C:\WINDOWS\time.exe
2008-05-17 16:53:33 21248 --a------ C:\WINDOWS\systemcritical.exe
2008-05-17 16:53:33 15104 --a------ C:\WINDOWS\systeem.exe
2008-05-17 16:53:33 29952 --a------ C:\WINDOWS\svcinit.exe
2008-05-17 16:53:32 16640 --a------ C:\WINDOWS\svchost32.exe
2008-05-17 16:53:32 13568 --a------ C:\WINDOWS\sistem.exe
2008-05-17 16:53:32 28672 --a------ C:\WINDOWS\searchword.dll
2008-05-17 16:53:31 26368 --a------ C:\WINDOWS\rundll16.exe
2008-05-17 16:53:31 17664 --a------ C:\WINDOWS\quicken.exe
2008-05-17 16:53:31 32000 --a------ C:\WINDOWS\qttasks.exe
2008-05-17 16:53:30 29696 --a------ C:\WINDOWS\olehelp.exe
2008-05-17 16:53:30 14336 --a------ C:\WINDOWS\notepad32.exe
2008-05-17 16:53:30 23808 --a------ C:\WINDOWS\mtwirl32.dll
2008-05-17 16:53:30 10240 --a------ C:\WINDOWS\mswsc20.dll
2008-05-17 16:53:30 23808 --a------ C:\WINDOWS\mswsc10.dll
2008-05-17 16:53:29 20480 --a------ C:\WINDOWS\msupdate.exe
2008-05-17 16:53:29 26880 --a------ C:\WINDOWS\mssys.exe
2008-05-17 16:53:29 18944 --a------ C:\WINDOWS\msspi.dll
2008-05-17 16:53:29 12288 --a------ C:\WINDOWS\msconfd.dll
2008-05-17 16:53:28 31488 --a------ C:\WINDOWS\loader.exe
2008-05-17 16:53:28 15872 --a------ C:\WINDOWS\internet.exe
2008-05-17 16:53:28 14080 --a------ C:\WINDOWS\inetinf.exe
2008-05-17 16:53:28 29696 --a------ C:\WINDOWS\iexplorer.exe
2008-05-17 16:53:27 16128 --a------ C:\WINDOWS\iedll.exe
2008-05-17 16:53:27 30976 --a------ C:\WINDOWS\helpcvs.exe
2008-05-17 16:53:27 27136 --a------ C:\WINDOWS\gfmnaaa.dll
2008-05-17 16:53:27 30464 --a------ C:\WINDOWS\funny.exe
2008-05-17 16:53:26 16384 --a------ C:\WINDOWS\funniest.exe
2008-05-17 16:53:26 29184 --a------ C:\WINDOWS\explorer32.exe
2008-05-17 16:53:26 15616 --a------ C:\WINDOWS\explore.exe
2008-05-17 16:53:26 32512 --a------ C:\WINDOWS\editpad.exe
2008-05-17 16:53:25 25600 --a------ C:\WINDOWS\dnsrelay.dll
2008-05-17 16:53:25 30464 --a------ C:\WINDOWS\directx32.exe
2008-05-17 16:53:25 16640 --a------ C:\WINDOWS\ctrlpan.dll
2008-05-17 16:53:25 23808 --a------ C:\WINDOWS\ctfmon32.exe
2008-05-17 16:53:24 12288 --a------ C:\WINDOWS\cpan.dll
2008-05-17 16:53:24 26880 --a------ C:\WINDOWS\clrssn.exe
2008-05-17 16:53:24 11520 --a------ C:\WINDOWS\avpcc.dll
2008-05-17 16:53:24 11008 --a------ C:\WINDOWS\accesss.exe
2008-05-17 16:52:02 49166 --a------ C:\WINDOWS\system32\jswnw64n.exe <Not Verified; ; Browser Driver>
2008-05-17 16:48:33 41724 ---hs---- C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
2008-05-17 16:48:28 0 d-------- C:\Program Files\Common Files\??pPatch
2008-05-17 16:46:55 37376 --a------ C:\WINDOWS\mrofinu72.exe
2008-05-17 16:45:52 0 d-------- C:\Program Files\QdrPack
2008-05-17 16:45:14 0 d-------- C:\Program Files\QdrModule
2008-05-17 16:45:11 0 d-------- C:\Program Files\ISM
2008-05-17 16:43:45 10059 --a------ C:\startup.exe
2008-05-17 16:42:47 862 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-05-17 16:42:42 37376 --a------ C:\WINDOWS\mrofinu1000106.exe
2008-05-17 16:42:27 88961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-05-17 16:42:26 200768 --a------ C:\WINDOWS\system32\scnttkdm.exe
2008-05-17 16:42:06 298311 --a------ C:\WINDOWS\system32\gside.exe
2008-05-17 16:41:56 160256 --a------ C:\WINDOWS\system32\blackster.scr <Not Verified; Peter's Productions; Bugs!>
2008-05-17 16:41:49 49158 --a------ C:\WINDOWS\system32\rwwnw64d.exe <Not Verified; ; Browser Driver>
2008-05-17 16:41:49 0 d-------- C:\Program Files\winvi
2008-05-17 16:41:48 86144 --a------ C:\WINDOWS\system32\drivers\smbalii.sys
2008-05-17 16:41:44 0 d-------- C:\WINDOWS\system32\polX
2008-05-17 16:41:44 0 d-------- C:\WINDOWS\system32\GUI2
2008-05-17 16:41:44 0 d-------- C:\WINDOWS\system32\binR
2008-05-17 16:41:44 0 d-------- C:\WINDOWS\system32\3036a
2008-05-17 16:41:38 96256 --a------ C:\WINDOWS\system32\ctfmona.exe
2008-05-17 16:41:15 0 d-------- C:\WINDOWS\system32\dFrnx06
2008-05-17 16:40:05 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-05-17 16:39:58 87513 --a------ C:\WINDOWS\system32\xwusuhzh.exe <Not Verified; Microsoft; XML Media>
2008-05-16 23:29:20 226698 --a------ C:\WINDOWS\system32\000060.exe
2008-05-09 12:10:08 187904 ---hs---- C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
2008-05-09 11:10:10 229514 --a------ C:\WINDOWS\system32\000090.exe
2008-05-05 10:24:34 330752 --a------ C:\WINDOWS\system32\{158fb228-b0c7-fff4-3de0-24cb0e3d7c2e}.dll


-- Find3M Report ---------------------------------------------------------------

2008-05-21 06:20:54 0 d-------- C:\Program Files\Common Files\LapLink AntiVirus
2008-05-20 19:00:29 0 d-------- C:\Program Files\LapLink Gold
2008-05-20 10:30:07 0 d-------- C:\Program Files\WildTangent
2008-05-20 09:48:16 0 d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2008-05-20 09:41:51 0 d-------- C:\Program Files\Common Files
2008-05-17 16:48:29 0 d-------- C:\Program Files\Common Files\??pPatch
2008-04-25 10:19:26 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
08/24/2007 09:51 PM 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{613BCFA2-A61D-45FF-A239-727664C770E3}]
05/17/2008 05:02 PM 314416 --a------ C:\WINDOWS\system32\vtUlMgFY.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
05/20/2008 09:41 AM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73571a13-84f1-4dda-ba9d-d221dc08a53d}]
05/20/2008 09:06 AM 99856 --a------ C:\WINDOWS\system32\foafwyju.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bbe5f660-713e-7a9b-fe30-84963c0236d0}]
05/19/2008 07:55 AM 439808 --a------ C:\WINDOWS\system32\{eaeb2699-a19b-aa1f-388d-35c4cb5061c5}.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC11617C-259E-429c-9063-7D70B8355EBD}]
11/14/2007 07:36 AM 1486848 --a------ C:\Program Files\dbar\Deskbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d87cc400-66ca-9d5d-1ec9-bfb1f923023c}]
05/05/2008 10:24 AM 330752 --a------ C:\WINDOWS\system32\{158fb228-b0c7-fff4-3de0-24cb0e3d7c2e}.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [08/24/2007 09:51 PM 316784]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 06:04 PM]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [08/21/2003 05:23 AM]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [08/21/2003 05:15 AM]
"ctfmona"="C:\WINDOWS\system32\ctfmona.exe" [05/17/2008 04:41 PM]
"ExploreUpdSched"="C:\WINDOWS\system32\scnttkdm.exe" [05/17/2008 04:42 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/24/2007 11:07 PM]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [08/24/2007 10:53 PM]
"LapLink Server Proxy"="C:\Program Files\LapLink Gold\WProxy.exe" [07/21/2004 10:14 AM]
"{D0-0D-D5-5F-DW}"="C:\WINDOWS\system32\jswnw64n.exe" [05/17/2008 04:52 PM]
"{f4859989-9034-05b9-da36-4dd1d0541b08}"="C:\WINDOWS\system32\{158fb228-b0c7-fff4-3de0-24cb0e3d7c2e}.dll" [05/05/2008 10:24 AM]
"546d0df0"="C:\WINDOWS\system32\wltbibnx.dll" [05/21/2008 06:25 AM]
"BM575e3e6c"="C:\WINDOWS\system32\jxxefqol.dll" [05/21/2008 06:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 10:24 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/11/2007 12:40 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"WinUpdater"="C:\Program Files\winvi\update.exe" [04/25/2008 01:57 AM]
"WebSUpdater"="C:\Program Files\winvi\wupda.exe" [04/25/2008 01:57 AM]
"QdrModule16"="C:\Program Files\QdrModule\QdrModule16.exe" [05/13/2008 04:32 AM]
"QdrPack16"="C:\Program Files\QdrPack\QdrPack16.exe" [05/12/2008 02:58 PM]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Deewoo.lnk - C:\WINDOWS\system32\scnttkdm.exe [5/17/2008 4:42:26 PM]
DW_Start.lnk - C:\WINDOWS\system32\jswnw64n.exe [5/17/2008 4:52:02 PM]
IMStart.lnk - C:\Program Files\InterMute\IMStart.exe [4/1/2004 2:58:56 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [9/8/2004 12:21:02 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/4/2004 7:28:24 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [11/4/2004 7:50:52 PM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [9/8/2004 1:24:57 PM]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [7/30/2003 6:49:48 AM]
SmartUI.lnk - C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe [8/12/2002 10:00:40 AM]
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [4/1/2004 3:16:45 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceActiveDesktopOn"=1

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\TSI32\tsircusr.exe,\"c:\windows\tsi32\tsiuser.exe\",C:\WINDOWS\system32\xwusuhzh.exe,"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtUlMgFY

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\546d0df0]
rundll32.exe "C:\WINDOWS\system32\qoivljkp.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbar_starter]
C:\Documents and Settings\Owner\Application Data\Deskbar_{D141E7FB-8670-4a79-946F-2D2652AB6B76}\starter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\Scansoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LapLink Server Proxy]
"C:\Program Files\LapLink Gold\WProxy.exe" -l

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{D0-0D-D5-5F-DW}]
C:\windows\system32\jswnw64n.exe DWram

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{f4859989-9034-05b9-da36-4dd1d0541b08}]
C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{158fb228-b0c7-fff4-3de0-24cb0e3d7c2e}.dll" DllInit


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\CDSTART.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c49f8312-fd1f-11d8-a997-806d6172696f}]
AutoRun\command- D:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c49f8314-fd1f-11d8-a997-806d6172696f}]
AutoRun\command- E:\CDSTART.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec299fa0-26e5-11dd-aa54-00112f2e19bb}]
AutoRun\command- K:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\srv32.exe
open\command- K:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\srv32.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\srv32.exe



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.symantec.com
127.0.0.1 securityresponse.symantec.com
127.0.0.1 downloads1.kaspersky-labs.com
127.0.0.1 downloads2.kaspersky-labs.com
127.0.0.1 downloads3.kaspersky-labs.com
127.0.0.1 downloads4.kaspersky-labs.com
127.0.0.1 downloads5.kaspersky-labs.com
127.0.0.1 www.kaspersky-labs.com
127.0.0.1 symantec.com
127.0.0.1 www.sophos.com

525 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-21 06:50:34 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 3000+
Percentage of Memory in Use: 64%
Physical Memory (total/avail): 447.48 MiB / 157.66 MiB
Pagefile Memory (total/avail): 1056.51 MiB / 645.91 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1937.53 MiB

C: is Fixed (NTFS) - 144.25 GiB total, 130.42 GiB free.
D: is Fixed (FAT32) - 4.79 GiB total, 0.62 GiB free.
E: is CDROM (CDFS)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (FAT)

\\.\PHYSICALDRIVE0 - ST3160021A - 149.05 GiB - 2 partitions
\PARTITION0 - Unknown - 4.79 GiB - D:
\PARTITION1 (bootable) - Installable File System - 144.25 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device

\\.\PHYSICALDRIVE5 - SanDisk Cruzer Mini USB Device - 972.69 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 976.38 MiB - K:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton Internet Security v15.0.0.60 (Symantec Corporation)
AV: Norton Internet Security v15.0.0.60 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"="C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe:*:Enabled:BackWeb-137903"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-VP7X3S9CTM
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\YOUR-VP7X3S9CTM
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=YOUR-VP7X3S9CTM
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
--> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Installshield Installation Information\{08082022-2a50-4196-8196-a6f86d6e8f12}\QBReplace.exe {08082022-2a50-4196-8196-a6f86d6e8f12}#{01288593-26bb-4b3a-a04e-0a4ed28cc937}
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
--> VTUninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Timer'
Adobe Photoshop Album 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A367C28-423C-48E2-8C76-EBA1171F932A}\apxp.ex_" -l0x9
Adobe Photoshop Elements 2.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.dll"
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Agere Systems PCI Soft Modem --> agrsmdel
airBridge --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\smartBridges\airBridge\Uninst.isu"
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
dbar --> "C:\Program Files\dbar\dbaruninst.exe" /S _?=C:\Program Files\dbar
Deewoo Network Manager removal --> C:\WINDOWS\system32\scnttkdm.exe -UPop
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
Enhancement Browser Tools Gooochi --> C:\WINDOWS\system32\{158fb228-b0c7-fff4-3de0-24cb0e3d7c2e}.dll-uninst.exe
GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
GH CIS --> C:\WINDOWS\ST4UNST.EXE -n "C:\Program Files\EIS\ST4UNST.LOG"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GospeLink 2001 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01D01D87-9272-47F0-A8A0-E8F1D682AE30}\SETUP.EXE"
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 4.7 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 3.5 --> C:\Program Files\HP\Digital Imaging\{C6C44651-7C66-4b11-92E8-17565D3D22DD}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Instant Support --> C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
HP Organize --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Photo & Imaging 3.5 - HP Devices --> C:\Program Files\HP\Digital Imaging\{15B9DC72-73F9-4d99-9E28-848D66DA8D99}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 4.7 --> "C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HPIZ350 --> MsiExec.exe /X{F247869D-3643-4A9F-821B-3534145928E3}
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
Internet Speed Monitor --> C:\Program Files\ISM\Uninstall.exe
InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iTunes --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{9705A7E1-3DD1-4BAC-8CA9-FE7B1473BEC9}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
LABELVIEW 7.0 --> C:\WINDOWS\IsUninst.exe -fC:\LVWIN70\Uninst.isu
Laplink Gold 12.0 --> C:\PROGRA~1\LAPLIN~1\LLUninst.exe
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Memories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition --> MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MotionDV STUDIO 5.1E LE for DV --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F9B32332-3A66-4480-9769-CAB45CA1D179}\setup.exe" UNINSTALL
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MySidesearch Search Assistant Adzgalore --> C:\WINDOWS\system32\{eaeb2699-a19b-aa1f-388d-35c4cb5061c5}.dll-uninst.exe
Norton AntiVirus --> MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton AntiVirus Help --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Confidential Core --> MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Norton Internet Security --> MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Setup.exe" /X
Norton Protection Center --> MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
Outerinfo --> "C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe"
PaperPort 9.0 --> MsiExec.exe /I{FDCE9C15-EB45-11D5-89C7-0050DA162A25}
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickBooks Pro Edition 2004 --> C:\Program Files\Installshield Installation Information\{2b02f822-a9b9-458c-80e5-3ea8c0de8471}\QBReplace.exe {2b02f822-a9b9-458c-80e5-3ea8c0de8471}#{2B02F82E-A9B9-458C-80E5-3EA8C0DE8471}
Quicken 2004 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RealOne Player --> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
S3 S3Display --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'
S3 S3Gamma2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'
S3 S3Info2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'
S3 S3Overlay --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'
SD Viewer for DV --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7BB9F5A8-5BBD-4A39-A6C5-06E2B49054F8}\setup.exe" NV-GS400
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sentinel System Driver --> C:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\INSTALL.LOG
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Symantec Real Time Storage Protection Component --> MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
The Print Shop 12 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DD1FE66-5536-41E3-B786-70068887B3F4}\setup.exe" -l0x9 anything
Toolkit View(HP) --> c:\Windows\HPTK\unhptkit.exe
Updates from HP --> C:\WINDOWS\BWUnin-6.2.3.66.exe -AppId 137903
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver --> VTsetvga.exe -s -rRundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\System32\hg201hp.inf
Video Stream Driver for Panasonic DVC --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9A97D672-6C93-4DFA-B527-DE005A761495} /l1033
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
winvi (remove only) --> "C:\Program Files\winvi\uninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type1505 / Error
Event Submitted/Written: 05/20/2008 09:32:48 PM
Event ID/Source: 110 / Laplink Gold 12.0
Event Description:
The Internet directory server is busy or otherwise temporarily unavailable. Please try again later.

Event Record #/Type1417 / Error
Event Submitted/Written: 05/20/2008 09:54:13 AM
Event ID/Source: 110 / Laplink Gold 12.0
Event Description:
The Internet directory server is busy or otherwise temporarily unavailable. Please try again later.

Event Record #/Type1384 / Warning
Event Submitted/Written: 05/20/2008 09:33:06 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type1383 / Error
Event Submitted/Written: 05/20/2008 09:32:56 AM
Event ID/Source: 110 / Laplink Gold 12.0
Event Description:
The Internet directory server is busy or otherwise temporarily unavailable. Please try again later.

Event Record #/Type1372 / Warning
Event Submitted/Written: 05/20/2008 09:06:21 AM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x800401F0



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type32096 / Error
Event Submitted/Written: 05/21/2008 06:41:40 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Event Record #/Type32091 / Error
Event Submitted/Written: 05/21/2008 06:39:39 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Event Record #/Type32077 / Error
Event Submitted/Written: 05/21/2008 06:39:31 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The mrtRate service failed to start due to the following error:
%%2

Event Record #/Type32040 / Error
Event Submitted/Written: 05/21/2008 06:21:54 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Event Record #/Type32038 / Error
Event Submitted/Written: 05/21/2008 06:19:54 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.



-- End of Deckard's System Scanner: finished at 2008-05-21 06:50:34 ------------



#2 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:10:49 PM

Posted 22 May 2008 - 07:11 AM

Hello Navoxeno and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Doubleclick mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#3 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:10:49 PM

Posted 19 June 2008 - 08:08 AM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference



