
Webhancer Program And Tor.exe


  • This topic is locked
43 replies to this topic

#1 qtaqq

qtaqq

  • Members
  • 101 posts

Posted 25 May 2008 - 12:55 PM

Yesterday, while I was on the internet, a website kept trying to open Outlook Express. Since I don't have Outlook Express, Windows kept trying to install it. After hitting cancel three times to stop the install, my firewall alerted me to programs that were trying to access the internet. Webhancer popped up first and I denied it access. Then the command window popped up for about a second and disappeared. Then I received two other warnings: one I don't remember what it was, and the other was tor.exe. I never installed these two programs or recognized the names, so I denied access to both of them. My Internet Explorer then began crashing. Also, ie.exe was trying to access the internet, but since I didn't think this was the real IE, I denied access.

I then ran Norton AntiVirus and it found no viruses. I ran Ad-Aware and it could not get rid of the following files:
WebHancer Object Recognized!
Type : Folder
TAC Rating : 9
Category : Data Miner
Comment : WebHancer
Object : E:\Program Files\webHancer

WebHancer Object Recognized!
Type : File
Data : license.txt
TAC Rating : 9
Category : Data Miner
Comment :
Object : E:\Program Files\webhancer\programs\



WebHancer Object Recognized!
Type : File
Data : readme.txt
TAC Rating : 9
Category : Data Miner
Comment :
Object : E:\Program Files\webhancer\programs\



WebHancer Object Recognized!
Type : File
Data : sporder.dll
TAC Rating : 9
Category : Data Miner
Comment :
Object : E:\Program Files\webhancer\programs\
FileVersion : 4.00
ProductVersion : 4.00
ProductName : Microsoft® Windows NT™ Operating System
CompanyName : Microsoft Corporation
FileDescription : WinSock2 reorder service providers
InternalName : sporder.dll
LegalCopyright : Copyright © Microsoft Corp. 1981-1996
OriginalFilename : sporder.dll


WebHancer Object Recognized!
Type : File
Data : whagent.exe
TAC Rating : 9
Category : Data Miner
Comment :
Object : E:\Program Files\webhancer\programs\
FileVersion : 4.2.3
ProductVersion : 4.2.3
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Customer Companion
InternalName : whAgent
LegalCopyright : Copyright © 1999-2007 webHancer Corporation
OriginalFilename : whAgent.exe


WebHancer Object Recognized!
Type : File
Data : whiehlpr.dll
TAC Rating : 9
Category : Data Miner
Comment :
Object : E:\Program Files\webhancer\programs\
FileVersion : 4.2.3
ProductVersion : 4.2.3
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer IE Helper Module
InternalName : WhIeHelper
LegalCopyright : Copyright © 1999-2007 webHancer Corporation
OriginalFilename : whiehlpr.dll


WebHancer Object Recognized!
Type : File
Data : webhdll.dll
TAC Rating : 9
Category : Data Miner
Comment :
Object : E:\Program Files\webhancer\programs\
FileVersion : 4.2.3
ProductVersion : 4.2.3
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Winsock2 SPI
InternalName : webhdll
LegalCopyright : Copyright © 1999-2007 webHancer Corporation
OriginalFilename : webhdll.dll


WebHancer Object Recognized!
Type : File
Data : whinstaller.exe
TAC Rating : 9
Category : Data Miner
Comment :
Object : E:\Program Files\webhancer\programs\
FileVersion : 4.2.3
ProductVersion : 4.2.3
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Installer
InternalName : whInstaller
LegalCopyright : Copyright © 1999-2007 webHancer Corporation
OriginalFilename : whInstaller.exe


WebHancer Object Recognized!
Type : File
Data : whagent.ini
TAC Rating : 9
Category : Data Miner
Comment :
Object : E:\Program Files\webhancer\programs\



Other Object Recognized!
Type : File
Data : WHAGENT.EXE-268E9140.pf
TAC Rating : 7
Category : Malware
Comment :
Object : E:\WINDOWS\prefetch\



Other Object Recognized!
Type : File
Data : WHINSTALLER.EXE-30D3D4E0.pf
TAC Rating : 7
Category : Malware
Comment :
Object : E:\WINDOWS\prefetch\

I told Ad-Aware to scan again after reboot. I then ran the Kaspersky scan (log below).

After I rebooted the computer and did the Ad-Aware scan, I don't think it found any of the webhancer programs. I then ran the DSS program. Again my firewall alerted me to two programs trying to access the internet: dss.exe, which I allowed, and then shortly after, 24436.exe. I clicked on allow, thinking it was part of the DSS program. Then I received a warning from Norton AntiVirus about a malicious script trying to perform the action getfolder. I denied access. I had posted the main.txt and extra.txt in my first post, but was then notified my HijackThis was out of date, so I updated HijackThis and did a rescan. When I run DSS now I don't get the extra.txt log. I'm still getting the malicious script warning from E:\DOCUME~1\Admin\LOCALS~1\Temp\~qilcmfa.tmp\lnkread.vbs; this time I allowed it, thinking it must be part of DSS, but now I don't get the extra.txt log created. I will post the main.txt and then the old extra.txt as a reply so this doesn't get kicked back like last time.

KASPERSKY ONLINE SCANNER REPORT
Saturday, May 24, 2008 11:57:58 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/05/2008
Kaspersky Anti-Virus database records: 799908


Scan Settings
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target: My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics
Total number of scanned objects: 223819
Number of viruses found: 11
Number of infected objects: 26
Number of suspicious objects: 2
Duration of the scan process: 03:08:13

Infected Object Name Virus Name Last Action
D:\gsapwd.zip/gsapwd.exe Infected: not-a-virus:PSWTool.Win32.Game.v skipped

D:\gsapwd.zip ZIP: infected - 1 skipped

D:\gsapwd\gsapwd.exe Infected: not-a-virus:PSWTool.Win32.Game.v skipped

E:\WINDOWS\system32\config\system.LOG Object is locked skipped

E:\WINDOWS\system32\config\software.LOG Object is locked skipped

E:\WINDOWS\system32\config\default.LOG Object is locked skipped

E:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

E:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

E:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

E:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

E:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

E:\WINDOWS\system32\config\SECURITY Object is locked skipped

E:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

E:\WINDOWS\system32\config\SYSTEM Object is locked skipped

E:\WINDOWS\system32\config\DEFAULT Object is locked skipped

E:\WINDOWS\system32\config\SAM Object is locked skipped

E:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped

E:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped

E:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

E:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

E:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

E:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

E:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

E:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

E:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

E:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

E:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

E:\WINDOWS\system32\h323log.txt Object is locked skipped

E:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped

E:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped

E:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

E:\WINDOWS\Temp\ZLT06275.TMP Object is locked skipped

E:\WINDOWS\Temp\ZLT06278.TMP Object is locked skipped

E:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

E:\WINDOWS\Sti_Trace.log Object is locked skipped

E:\WINDOWS\wiaservc.log Object is locked skipped

E:\WINDOWS\wiadebug.log Object is locked skipped

E:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{648DF0A1-DBB4-4040-90C8-F4A4BC56ED51}.crmlog Object is locked skipped

E:\WINDOWS\WindowsUpdate.log Object is locked skipped

E:\WINDOWS\SchedLgU.Txt Object is locked skipped

E:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

E:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped

E:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped

E:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped

E:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

E:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped

E:\WINDOWS\Internet Logs\CUMPUTADOR-E.ldb Object is locked skipped

E:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped

E:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped

E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt.zip/retadpu2000070.exe Suspicious: Password-protected-EXE skipped

E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt.zip ZIP: suspicious - 1 skipped

E:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

E:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

E:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

E:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

E:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

E:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

E:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

E:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

E:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

E:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

E:\Documents and Settings\Admin\NTUSER.DAT Object is locked skipped

E:\Documents and Settings\Admin\Local Settings\History\History.IE5\index.dat Object is locked skipped

E:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

E:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

E:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop Search\dbeam Object is locked skipped

E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop Search\dbeao Object is locked skipped

E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop Search\dbdam Object is locked skipped

E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop Search\dbdao Object is locked skipped

E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop Search\dbvmh.ht1 Object is locked skipped

E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop Search\dbvm.cf1 Object is locked skipped

E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop Search\dbm Object is locked skipped

E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop Search\fii.cf1 Object is locked skipped

E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop Search\rpm.cf1 Object is locked skipped

E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop Search\hp Object is locked skipped

E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainmh.ht1 Object is locked skipped

E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainm.cf1 Object is locked skipped

E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlmh.ht1 Object is locked skipped

E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlm.cf1 Object is locked skipped

E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainmh.ht1 Object is locked skipped

E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainm.cf1 Object is locked skipped

E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashmh.ht1 Object is locked skipped

E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashm.cf1 Object is locked skipped

E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop Search\fiih.ht1 Object is locked skipped

E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop Search\dbc2e.ht1 Object is locked skipped

E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop Search\hpt2i.ht1 Object is locked skipped

E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop Search\rpmh.ht1 Object is locked skipped

E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Desktop Search\dbu2d.ht1 Object is locked skipped

E:\Documents and Settings\Admin\Local Settings\Application Data\Adobe\Acrobat\8.0\Updater\updater.log Object is locked skipped

E:\Documents and Settings\Admin\Local Settings\Application Data\Adobe\Updater5\aumLib.log Object is locked skipped

E:\Documents and Settings\Admin\Local Settings\Temp\~DFFD9B.tmp Object is locked skipped

E:\Documents and Settings\Admin\Local Settings\Temp\Acr791D.tmp Object is locked skipped

E:\Documents and Settings\Admin\Local Settings\Temp\syswcc32.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.423 skipped

E:\Documents and Settings\Admin\Local Settings\Temp\syswcc32.exe/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

E:\Documents and Settings\Admin\Local Settings\Temp\syswcc32.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

E:\Documents and Settings\Admin\Local Settings\Temp\syswcc32.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

E:\Documents and Settings\Admin\Local Settings\Temp\syswcc32.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

E:\Documents and Settings\Admin\Local Settings\Temp\syswcc32.exe RarSFX: infected - 5 skipped

E:\Documents and Settings\Admin\Local Settings\Temp\~tmp476 Infected: Trojan-Clicker.Win32.Delf.abt skipped

E:\Documents and Settings\Admin\Local Settings\Temp\mmonHJ.exe/data0006 Infected: Trojan-Downloader.Win32.VB.epp skipped

E:\Documents and Settings\Admin\Local Settings\Temp\mmonHJ.exe NSIS: infected - 1 skipped

E:\Documents and Settings\Admin\Cookies\index.dat Object is locked skipped

E:\Documents and Settings\Admin\ntuser.dat.LOG Object is locked skipped

E:\Documents and Settings\Admin\.housecall6.6\Quarantine\ArmyMenRTS-dm.exe.bac_a03728 Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped

E:\Documents and Settings\Admin\.housecall6.6\Quarantine\ShopmaniaSetup-dm.exe.vir.bac_a03728 Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped

E:\Documents and Settings\Admin\.housecall6.6\Quarantine\WestwardSetup-dm.exe.vir.bac_a03728 Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped

E:\Documents and Settings\Admin\.housecall6.6\Quarantine\dinerdash2Setup-dm.exe.vir.bac_a03728 Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped

E:\Documents and Settings\Admin\.housecall6.6\Quarantine\b122.exe.vir.bac_a03728/stream/data0002 Infected: not-a-virus:AdWare.Win32.Rond.b skipped

E:\Documents and Settings\Admin\.housecall6.6\Quarantine\b122.exe.vir.bac_a03728/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

E:\Documents and Settings\Admin\.housecall6.6\Quarantine\b122.exe.vir.bac_a03728/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

E:\Documents and Settings\Admin\.housecall6.6\Quarantine\b122.exe.vir.bac_a03728 NSIS: infected - 3 skipped

E:\Documents and Settings\Admin\.housecall6.6\Quarantine\b122.exe.vir.bac_a03728 CryptFF.b: infected - 3 skipped

E:\Program Files\America Online 8.0\Global.org Object is locked skipped

E:\Program Files\America Online 8.0\idb\sysnews.lst Object is locked skipped

E:\Program Files\America Online 8.0\idb\main.idx Object is locked skipped

E:\Program Files\America Online 8.0\idb\Diction.lst Object is locked skipped

E:\Program Files\America Online 8.0\idb\sap.dat Object is locked skipped

E:\Program Files\America Online 8.0\idb\STYLE.LST Object is locked skipped

E:\Program Files\America Online 8.0\idb\Apps.Lst Object is locked skipped

E:\Program Files\America Online 8.0\idb\spool.lst Object is locked skipped

E:\Program Files\America Online 8.0\idb\Toolbar.lst Object is locked skipped

E:\Program Files\America Online 8.0\idb\APP10708.LST Object is locked skipped

E:\Program Files\America Online 8.0\organize\agent57c2 Object is locked skipped

E:\Program Files\America Online 8.0\organize\agent57c2.aby Object is locked skipped

E:\Program Files\America Online 8.0\organize\agent57c2.abi Object is locked skipped

E:\Program Files\America Online 8.0\ShopAssist\DataStore\users\Agent57C2.adb Object is locked skipped

E:\Program Files\America Online 8.0\ShopAssist\DataStore\global\clientcache.adb Object is locked skipped

E:\Program Files\America Online 8.0\storage\stdout.txt Object is locked skipped

E:\Program Files\America Online 8.0\storage\stderr.txt Object is locked skipped

E:\Program Files\America Online 8.0\storage\server.lock Object is locked skipped

E:\Program Files\America Online 8.0\storage\cache.db Object is locked skipped

E:\Program Files\Norton AntiVirus\Quarantine\50C83846.exe Infected: Trojan-Downloader.Win32.Small.gdr skipped

E:\Program Files\Norton AntiVirus\Quarantine\44082D07.swf Infected: Trojan-Downloader.SWF.Gida.a skipped

E:\Program Files\Norton AntiVirus\Quarantine\440B5704.swf Infected: Trojan-Downloader.SWF.Gida.a skipped

E:\Program Files\webHancer\Programs\whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

E:\Program Files\webHancer\Programs\webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

Scan process completed.


DSS scan

Deckard's System Scanner v20071014.68
Run by Admin on 2008-05-25 10:22:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive E: has 5.8 GiB (less than 15%) free.


-- HijackThis (run as Admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:37 AM, on 5/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\ZONELABS\vsmon.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
E:\WINDOWS\system32\CTsvcCDA.EXE
E:\WINDOWS\winself.exe
E:\Program Files\Norton AntiVirus\navapsvc.exe
E:\Program Files\Norton Utilities\NPROTECT.EXE
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\Program Files\Speed Disk\nopdb.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Viewpoint\Common\ViewpointService.exe
E:\WINDOWS\wanmpsvc.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
E:\WINDOWS\system32\Rundll32.exe
E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
E:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
E:\Documents and Settings\Admin\Application Data\Microsoft\dtsc\24336.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\WINDOWS\system32\NOTEPAD.EXE
E:\Documents and Settings\Admin\Desktop\dss.exe
E:\PROGRA~1\HIJACK~1\Admin.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - E:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - E:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EasyTuneV] E:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTSysVol] E:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Google Desktop Search] "E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MsgCenterExe] "E:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative Detector] E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AdobeUpdater] E:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Microsoft Windows Installer] E:\Documents and Settings\Admin\Application Data\Microsoft\dtsc\24336.exe
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = E:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Image Transfer.lnk = ?
O8 - Extra context menu item: &Google Search - res://e:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://e:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://e:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://e:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://e:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://e:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss/sa...abs/tgctlsr.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1179381662015
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O20 - AppInit_DLLs: E:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - E:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GoogleDesktopManager - Google - E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - E:\WINDOWS\winself.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - E:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - E:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - E:\Program Files\Speed Disk\nopdb.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - E:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - E:\WINDOWS\wanmpsvc.exe

--
End of file - 10657 bytes

-- Files created between 2008-04-25 and 2008-05-25 -----------------------------

2008-05-24 20:10:37 0 d-------- E:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-24 13:13:48 0 d-------- E:\WINDOWS\system32\vntiho06
2008-05-24 13:13:30 0 d-------- E:\Program Files\uTorrent
2008-05-24 13:12:47 25601 --a------ E:\WINDOWS\winself.exe
2008-05-06 09:43:04 0 d-------- E:\Program Files\Coupons
2008-05-04 21:48:04 0 d--hs---- E:\FOUND.018
2008-04-28 20:28:22 0 d---s---- E:\Program Files\HLSW
2008-04-28 20:28:22 0 d-------- E:\Documents and Settings\Admin\Application Data\HLSW
2008-04-26 04:31:44 0 d--hs---- E:\FOUND.017


-- Find3M Report ---------------------------------------------------------------

2008-03-26 15:10:26 0 d-------- E:\Program Files\ROBLOX Corporation
2008-03-26 15:10:26 0 d-------- E:\Documents and Settings\Admin\Application Data\ROBLOX
2008-03-25 14:53:42 0 d-------- E:\Program Files\Common Files\xing shared
2008-03-09 22:10:18 17871 --a------ E:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2008-03-09 22:10:18 167936 --a------ E:\WINDOWS\system32\SpoonUninstall.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM E:\WINDOWS\system32\nwiz.exe]
"EasyTuneV"="E:\Program Files\Gigabyte\ET5\GUI.exe" [05/16/2007 09:51 PM]
"RTHDCPL"="RTHDCPL.EXE" [05/27/2006 10:47 AM E:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [05/16/2006 06:04 PM E:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 PM E:\WINDOWS\Alcmtr.exe]
"QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [06/07/2007 10:50 AM]
"CTSysVol"="E:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [02/15/2005 04:10 PM]
"P17Helper"="P17.dll" [05/02/2005 08:38 PM E:\WINDOWS\system32\P17.dll]
"NWEReboot"="" []
"NeroFilterCheck"="E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 04:40 PM]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"Google Desktop Search"="E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/09/2007 11:13 AM]
"ZoneAlarm Client"="E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/06/2007 04:14 PM]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]
"MsgCenterExe"="E:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [03/25/2008 02:53 PM]
"TkBellExe"="E:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/25/2008 02:53 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/27/2007 01:55 PM]
"Creative Detector"="E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [12/02/2004 06:23 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [06/01/2006 01:32 PM]
"AdobeUpdater"="E:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/2007 10:37 AM]
"Microsoft Windows Installer"="E:\Documents and Settings\Admin\Application Data\Microsoft\dtsc\24336.exe" [05/25/2008 09:39 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=E:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton System Doctor.lnk]
path=E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Norton System Doctor.lnk
backup=E:\WINDOWS\pss\Norton System Doctor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]
E:\PROGRA~1\NORTON~1\navapw32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]
E:\PROGRA~1\NORTON~1\Cfgwiz.exe /R




-- End of Deckard's System Scanner: finished at 2008-05-25 10:24:38 ------------

#2 qtaqq

qtaqq
  • Topic Starter

  • Members
  • 101 posts

Posted 25 May 2008 - 12:56 PM

Here is the extra.txt that was created during the first run.

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 3800+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 3800+
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 1023.48 MiB / 558.5 MiB
Pagefile Memory (total/avail): 2364.64 MiB / 2036.36 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1938 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 93.14 GiB total, 58.75 GiB free.
D: is Fixed (FAT32) - 74.51 GiB total, 42.43 GiB free.
E: is Fixed (FAT32) - 93.13 GiB total, 5.85 GiB free.
F: is Fixed (FAT32) - 74.5 GiB total, 45.56 GiB free.
G: is CDROM (CDFS)
H: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - ST3160023A - 149.05 GiB - 2 partitions
\PARTITION0 - Unknown - 74.53 GiB - D:
\PARTITION1 - Extended w/Extended Int 13 - 74.52 GiB - F:

\\.\PHYSICALDRIVE0 - ST3200822A - 186.31 GiB - 2 partitions
\PARTITION0 (bootable) - Unknown - 93.16 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 93.15 GiB - E:



-- Security Center -------------------------------------------------------------

Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Firewall v7.0.408.000 (Check Point, LTD.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\\Battlefield 2\\BF2.exe"="D:\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"E:\\Program Files\\LimeWire\\LimeWire.exe"="E:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=E:\Documents and Settings\All Users
APPDATA=E:\Documents and Settings\Admin\Application Data
CLIENTNAME=Console
CommonProgramFiles=E:\Program Files\Common Files
COMPUTERNAME=CUMPUTADOR-E
ComSpec=E:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=E:
HOMEPATH=\Documents and Settings\Admin
LOGONSERVER=\\CUMPUTADOR-E
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=E:\Program Files\Internet Explorer;;E:\WINDOWS\system32;E:\WINDOWS;E:\WINDOWS\system32\wbem;E:\WINDOWS\system32;E:\WINDOWS;E:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4b02
ProgramFiles=E:\Program Files
PROMPT=$P$G
RNLOG_BASEKEY=Software\RealNetworks\RealPlayer\6.0\Preferences\BrowserRecordPluginLog
SESSIONNAME=Console
sourcesdk=e:\program files\steam\steamapps\wygklebold\sourcesdk
SystemDrive=E:
SystemRoot=E:\WINDOWS
TEMP=E:\DOCUME~1\Admin\LOCALS~1\Temp
TMP=E:\DOCUME~1\Admin\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=CUMPUTADOR-E
USERNAME=Admin
USERPROFILE=E:\Documents and Settings\Admin
VProject=e:\program files\steam\steamapps\wygklebold\counter-strike source\cstrike
windir=E:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Admin (admin)
asdf (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "E:\Program Files\Creative\SBAudigy\Program\Setup.exe" /S /U /W
--> E:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> E:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> E:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> E:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> E:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> E:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9 /remove
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9 /remove
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9 /remove
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9 /remove
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9 /remove
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9 /remove
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9 /remove
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\SETUP.EXE" -l0x9
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\SETUP.EXE" -l0x9 /remove
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 E:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Flash Player ActiveX --> E:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 6.0 --> E:\WINDOWS\ISUNINST.EXE -f"E:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"E:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> E:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE E:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
Adobe SVG Viewer --> E:\WINDOWS\IsUninst.exe -f"E:\WINDOWS\System32\Adobe\SVG Viewer\Uninst.isu"
America Online (Choose which version to remove) --> E:\Program Files\Common Files\aolshare\Aolunins_us.exe
American Greetings® Art & More Store --> E:\WINDOWS\IsUninst.exe -f"E:\Program Files\Mindscape\Art & More Store\Uninst.isu"
AOL Coach Version 1.0(Build:20030807.3) --> E:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
Athlon 64 Processor Driver --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
Battlefield 1942 --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x9
Battlefield 2™ --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
BB9 Reloader --> MsiExec.exe /I{C285B4F4-C059-4DD0-834B-342B54BE231C}
Canon S300 --> E:\WINDOWS\system32\CNMCP38.EXE -@E:\WINDOWS\IsUninst.exe -f"E:\BJPrinter\CNMWINDOWS\Canon S300 Installer\Inst\DeIsL1.isu" -pCanon S300-c"E:\BJPrinter\CNMWINDOWS\Canon S300 Installer\Inst\bjinst.dll
City of Villains/City of Heroes (remove only) --> "E:\Program Files\City of Heroes\uninstall.exe"
Command & Conquer The First Decade --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}\setup.exe" -l0x9 -removeonly
Company of Heroes Singleplayer Demo --> "E:\Program Files\Steam\steam.exe" steam://uninstall/9300
Counter-Strike: Source --> "E:\PROGRA~1\STEAM\steam.exe" steam://uninstall/240
Counter-Strike: Source --> MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5}
Coupon Printer for Windows --> "E:\Program Files\Coupons\uninstall.exe" "/U:E:\Program Files\Coupons\Uninstall\uninstall.xml"
Creative MediaSource --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x9 /remove
Creative System Information --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Day of Defeat: Source --> "E:\PROGRA~1\STEAM\steam.exe" steam://uninstall/300
dBpowerAMP Music Converter --> "E:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>E:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
EasyTune5 --> E:\WINDOWS\ISUNINST.EXE -f"E:\Program Files\Gigabyte\ET5\Uninst.isu" -c"E:\Program Files\Gigabyte\ET5\uninstdrv.dll"
EVGA Display Driver --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}\Setup.exe" -l0x9 -removeonly
FEAR MP Demo --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{0C8CD594-4C26-4AD9-AEAB-C6245D8EA9EE}\setup.exe" -l0x9 -removeonly
Flash Movie Player 1.5 --> E:\Program Files\Flash Movie Player\uninst.exe
GameSpy Arcade --> E:\PROGRA~1\GAMESP~1\UNWISE.EXE E:\PROGRA~1\GAMESP~1\INSTALL.LOG
Google Desktop --> E:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "e:\program files\google\googletoolbar1.dll"
Half-Life 2 --> "E:\PROGRA~1\STEAM\steam.exe" steam://uninstall/220
Half-Life 2: Deathmatch --> "E:\PROGRA~1\STEAM\steam.exe" steam://uninstall/320
Half-Life 2: Lost Coast --> "E:\PROGRA~1\STEAM\steam.exe" steam://uninstall/340
High Definition Audio Driver Package - KB888111 --> "E:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 1.99.1 --> E:\Program Files\HijackThis\HijackThis.exe /uninstall
HLSW v1.2.1.2 --> "E:\Program Files\HLSW\unins000.exe"
HP PrecisionScan LTX --> E:\WINDOWS\IsUninst.exe -f"E:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\Uninst.isu" -c"E:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\HPUninstallIs.dll"
HP Share-to-Web --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\setup.exe" -uninst
i-Cool --> E:\WINDOWS\IsUninst.exe -f"E:\Program Files\GIGABYTE\i-Cool\Uninst.isu"
Image Transfer --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}\Setup.exe" UNINSTALL
ImageMixer for Sony --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{1B4AA674-F5CA-4BB5-831A-CD37B4021959}\setup.exe"
J2SE Development Kit 5.0 Update 12 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150120}
J2SE Runtime Environment 5.0 Update 12 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150120}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Kaspersky Online Scanner --> E:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Learn2 Player (Uninstall Only) --> E:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire 4.12.11 --> "E:\Program Files\LimeWire\uninstall.exe"
LiveReg (Symantec Corporation) --> E:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.6 (Symantec Corporation) --> E:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Compression Client Pack 1.0 for Windows XP --> "E:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "E:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection E:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
MicroStaff WINASPI --> E:\MWASPI\uninst.exe
Mozilla Firefox (2.0.0.14) --> E:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> E:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Nero 7 Essentials --> MsiExec.exe /I{9BB69D0F-1369-4DBD-99A9-1BC228ED1033}
Norton AntiVirus 2002 --> MsiExec.exe /I{3075C5C3-0807-4924-AF8F-FF27052C12AE}
Norton Utilities 2002 for Windows --> E:\WINDOWS\IsUninst.exe -f"E:\Program Files\Norton Utilities\Uninst.isu" -c"E:\Program Files\Norton Utilities\_ISNU.DLL"
NVIDIA Drivers --> E:\WINDOWS\system32\nvuninst.exe UninstallGUI
Opera 9.23 --> MsiExec.exe /X{E9EEE4CB-CB2B-4273-9AF5-7E12022B444B}
Panda ActiveScan --> E:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PrintMaster 7.00 --> c:\PROGRA~1\MINDSC~1\PRINTM~1\uninst32.exe /IFirst
Prison Tycoon --> D:\Prison Tycoon\data\gvnUninstaller.exe
QuickTime --> E:\WINDOWS\unvise32qt.exe E:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer --> E:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Red Orchestra --> "E:\Program Files\Steam\steam.exe" steam://uninstall/1200
RedLightCenter --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{35C73A54-1428-4893-B041-58AA594F4ACD}\setup.exe" -l0x9
Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
ROBLOX --> MsiExec.exe /X{272C2E66-6D29-4FB3-835B-05A4ED8E63FD}
Serif DrawPlus 3.0 --> E:\WINDOWS\IsUninst.exe -f"E:\Program Files\Serif\dp30\DrawPlus_uninst.isu"
Sony USB Driver --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Sound Blaster Audigy --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}\SETUP.EXE" -l0x9 /remove
Source SDK --> "E:\Program Files\Steam\steam.exe" steam://uninstall/211
Source SDK Base --> "E:\Program Files\Steam\steam.exe" steam://uninstall/215
Spybot - Search & Destroy 1.4 --> "E:\Program Files\Spybot - Search & Destroy\unins000.exe"
Starting Out with VB .NET Student Files --> E:\VB NET Student Disk Files\Uninstal.exe
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPER © Version 2007.bld.23 (July 4, 2007) --> E:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Symantec Technical Support Web Controls --> MsiExec.exe /X{DDC63227-BA06-4855-B002-BDB49E9F677E}
TeamSpeak 2 RC2 --> "E:\Program Files\Teamspeak2_RC2\unins000.exe"
UninstallBlitz --> "E:\Program Files\EA Games\Command & Conquer The First Decade\Command & Conquer™ Generals Zero Hour\unins000.exe"
VideoLAN VLC media player 0.8.6c --> E:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Manager (Remove Only) --> E:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> E:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Viewpoint Toolbar --> E:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\Uninstaller.exe /u /k /url "http://www.viewpoint.com/pub/uninstallcompleted.html"
Windows Media Format 11 runtime --> "E:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinPcap 3.1 --> E:\Program Files\WinPcap\uninstall.exe
WinRAR archiver --> E:\Program Files\WinRAR\uninstall.exe
WM Recorder 11.0 --> E:\Program Files\WMR11\Uninstal.exe
Xvid 1.1.3 final uninstall --> "E:\Program Files\Xvid\unins000.exe"
ZoneAlarm --> E:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type6133 / Error
Event Submitted/Written: 05/25/2008 09:39:35 AM
Event ID/Source: 4097 / Norton AntiVirus
Event Description:
The file
E:\Program Files\uTorrent\uTorrent.upx
is infected with the Downloader virus.Access to the file was denied.

Event Record #/Type6132 / Error
Event Submitted/Written: 05/25/2008 09:39:35 AM
Event ID/Source: 4097 / Norton AntiVirus
Event Description:
The file
E:\Program Files\uTorrent\uTorrent.upx
is infected with the Downloader virus.Unable to repair this file.

Event Record #/Type6124 / Warning
Event Submitted/Written: 05/24/2008 01:14:48 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{00000409-78E1-11D2-B60F-006097C998E7}', feature 'HTMLSourceEditing' failed during request for component '{9E0B2BE1-DEDA-11D1-A17E-00A0C90AB50F}'

Event Record #/Type6122 / Warning
Event Submitted/Written: 05/24/2008 01:14:48 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{00000409-78E1-11D2-B60F-006097C998E7}', feature 'HTMLSourceEditing' failed during request for component '{9E0B2BE1-DEDA-11D1-A17E-00A0C90AB50F}'

Event Record #/Type6120 / Warning
Event Submitted/Written: 05/24/2008 01:14:47 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{00000409-78E1-11D2-B60F-006097C998E7}', feature 'HTMLSourceEditing' failed during request for component '{9E0B2BE1-DEDA-11D1-A17E-00A0C90AB50F}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type29882 / Warning
Event Submitted/Written: 05/25/2008 09:38:21 AM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\DAD-EDD5770C208 on the network \Device\NetBT_Tcpip_{A35FA780-5896-4016-83A8-BA645F256C8D}.
The data is the error code.

Event Record #/Type29877 / Error
Event Submitted/Written: 05/25/2008 09:29:12 AM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer DAD-EDD5770C208
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A35FA780-589.
The master browser is stopping or an election is being forced.

Event Record #/Type29850 / Error
Event Submitted/Written: 05/25/2008 00:06:08 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
kl1

Event Record #/Type29840 / Error
Event Submitted/Written: 05/24/2008 09:39:53 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {0006F03A-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Event Record #/Type29839 / Error
Event Submitted/Written: 05/24/2008 09:39:18 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {0006F03A-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.



-- End of Deckard's System Scanner: finished at 2008-05-25 09:41:44 ------------

#3 qtaqq

qtaqq
  • Topic Starter

  • Members
  • 101 posts

Posted 25 May 2008 - 09:15 PM

Today while playing Battlefield 1942 there was an error in one of the programs running in the background. It is actually 24336.exe, not 24436.exe as I thought before. I clicked on more details; it is in E:\DOCUME~1\Admin\LOCALS~1\Temp\2827_appcompat.txt
I don't think this is part of the DSS program. After doing a search on Google I found this site; I don't know if it is of any help:
http://www.google.com/search?q=cache:cboFE...;cd=2&gl=us
I have blocked 24336's access in my firewall.

Edited by qtaqq, 25 May 2008 - 09:17 PM.


#4 qtaqq

qtaqq
  • Topic Starter

  • Members
  • 101 posts

Posted 31 May 2008 - 07:22 AM

Every time my computer starts up my firewall catches the program winself.exe trying to access the internet.
I did a virus scan last night. It found these four files.
bbbti.exe
mmonhj.exe
s_loader.exe
all three were quarantined
winself.exe
could not quarantine or delete

#5 drex23

drex23

    Bleeping Existence


  • Members
  • 456 posts
  • Gender:Male

Posted 21 June 2008 - 10:29 AM

Hi, sorry for the delay. If you would still like assistance please run Deckard's System Scanner again and post the new log here.

#6 qtaqq

qtaqq
  • Topic Starter

  • Members
  • 101 posts

Posted 22 June 2008 - 03:33 AM

Thanks for the reply. The only other thing I have done to fix this problem was block winself.exe access in my firewall.
Last night during my automatic virus scan it found two files:

24336.exe trojan.farfli
winself.exe backdoor.trojan

quarantined 24336.exe
could not quarantine or delete winself.exe
Oh, and I did have to go back to my onboard video since my video card started to crash so badly and have memory errors (not sure if that was on video card memory or actual system memory); could that be virus related? The crashes still occurred after installing the latest drivers.

Here is the Deckard scan:

Deckard's System Scanner v20071014.68
Run by Admin on 2008-06-22 01:27:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive E: has 2.25 GiB (less than 15%) free.


-- HijackThis (run as Admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:51 AM, on 6/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\ZONELABS\vsmon.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
E:\WINDOWS\system32\CTsvcCDA.EXE
E:\WINDOWS\winself.exe
E:\Program Files\Norton AntiVirus\navapsvc.exe
E:\Program Files\Norton Utilities\NPROTECT.EXE
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Speed Disk\nopdb.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Viewpoint\Common\ViewpointService.exe
E:\WINDOWS\wanmpsvc.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
E:\WINDOWS\system32\Rundll32.exe
E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
E:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\America Online 8.0\waol.exe
E:\Program Files\America Online 8.0\shellmon.exe
E:\Program Files\America Online 8.0\aolwbspd.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Documents and Settings\Admin\Desktop\dss.exe
E:\PROGRA~1\HIJACK~1\Admin.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - E:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - E:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [EasyTuneV] E:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTSysVol] E:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MsgCenterExe] "E:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative Detector] E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AdobeUpdater] E:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Microsoft Windows Installer] E:\Documents and Settings\Admin\Application Data\Microsoft\dtsc\24336.exe
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = E:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Image Transfer.lnk = ?
O8 - Extra context menu item: &Google Search - res://e:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://e:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://e:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://e:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://e:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://e:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss/sa...abs/tgctlsr.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1179381662015
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2189D58F-8263-4370-9444-0A63BA9FA721}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{2189D58F-8263-4370-9444-0A63BA9FA721}: NameServer = 205.188.146.145
O20 - AppInit_DLLs: E:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - E:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GoogleDesktopManager - Google - E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - E:\WINDOWS\winself.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - E:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - E:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - E:\Program Files\Speed Disk\nopdb.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - E:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - E:\WINDOWS\wanmpsvc.exe

--
End of file - 11003 bytes

-- Files created between 2008-05-22 and 2008-06-22 -----------------------------

2008-06-19 01:44:00 0 d--hs---- E:\FOUND.023
2008-06-18 06:44:29 0 d-------- E:\WINDOWS\nview
2008-06-18 00:40:28 0 d--hs---- E:\FOUND.022
2008-06-16 15:21:03 0 d-------- E:\WINDOWS\nvidia icons
2008-06-14 20:53:10 0 d--hs---- E:\FOUND.021
2008-06-11 11:05:32 0 d--hs---- E:\FOUND.020
2008-06-05 11:19:40 0 d--hs---- E:\FOUND.019
2008-05-24 20:10:37 0 d-------- E:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-24 13:13:48 0 d-------- E:\WINDOWS\system32\vntiho06
2008-05-24 13:13:30 0 d-------- E:\Program Files\uTorrent
2008-05-24 13:12:47 25601 -----n--- E:\WINDOWS\winself.exe


-- Find3M Report ---------------------------------------------------------------

2008-05-06 09:43:06 0 d-------- E:\Program Files\Coupons
2008-05-02 22:46:00 1630208 --a------ E:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ E:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ E:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ E:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ E:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ E:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ E:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ E:\WINDOWS\system32\keystone.exe
2008-04-28 20:28:24 0 d---s---- E:\Program Files\HLSW
2008-04-28 20:28:24 0 d-------- E:\Documents and Settings\Admin\Application Data\HLSW


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyTuneV"="E:\Program Files\Gigabyte\ET5\GUI.exe" [05/16/2007 09:51 PM]
"RTHDCPL"="RTHDCPL.EXE" [05/27/2006 10:47 AM E:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [05/16/2006 06:04 PM E:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 PM E:\WINDOWS\Alcmtr.exe]
"QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [06/07/2007 10:50 AM]
"CTSysVol"="E:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [02/15/2005 04:10 PM]
"P17Helper"="P17.dll" [05/02/2005 08:38 PM E:\WINDOWS\system32\P17.dll]
"NWEReboot"="" []
"NeroFilterCheck"="E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 04:40 PM]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"Google Desktop Search"="E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/09/2007 11:13 AM]
"ZoneAlarm Client"="E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/06/2007 04:14 PM]
"MsgCenterExe"="E:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [03/25/2008 02:53 PM]
"TkBellExe"="E:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/25/2008 02:53 PM]
"KernelFaultCheck"="E:\WINDOWS\system32\dumprep 0 -k" []
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [05/02/2008 10:46 PM]
"nwiz"="nwiz.exe" [05/02/2008 10:46 PM E:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [05/02/2008 10:46 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/27/2007 01:55 PM]
"Creative Detector"="E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [12/02/2004 06:23 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [06/01/2006 01:32 PM]
"AdobeUpdater"="E:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/2007 10:37 AM]
"Microsoft Windows Installer"="E:\Documents and Settings\Admin\Application Data\Microsoft\dtsc\24336.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=E:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton System Doctor.lnk]
path=E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Norton System Doctor.lnk
backup=E:\WINDOWS\pss\Norton System Doctor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]
E:\PROGRA~1\NORTON~1\navapw32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]
E:\PROGRA~1\NORTON~1\Cfgwiz.exe /R




-- End of Deckard's System Scanner: finished at 2008-06-22 01:28:49 ------------

Edited by qtaqq, 22 June 2008 - 03:36 AM.


#7 qtaqq

qtaqq
  • Topic Starter

  • Members
  • 101 posts
  • OFFLINE
  • Local time:05:22 AM

Posted 22 June 2008 - 07:38 AM

I forgot to ask above but with the Deckard System Scanner should I be getting a malicious script warning? It says the action it is trying to perform is getfile. I denied it because I wasn't sure, and the other time I ran the system scanner was when 24336.exe came up as trying to run scripts, and I thought it was part of the program and I allowed it and it probably loaded more stuff onto my computer.

My system is still crashing using onboard video, once it tells me via microsoft error reporting what specifically the problem is I will tell you. The crashes since the virus have been more frequent lately, probably 6-7 a day now, when it used to crash maybe once every 3 days, and like I said it is getting memory errors now.

#8 drex23

drex23

    Bleeping Existence


  • Members
  • 456 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:22 AM

Posted 22 June 2008 - 08:36 AM

Hi again. First off, as far as Deckard's System Scanner (DSS) is concerned, you may see a malicious script warning; nothing in it is malicious and you can allow the getfile action. However, the numbered file which was detected as a trojan is not something you want to allow. Let's try to clean some of this up.

Before we start fixing anything you should print out these instructions or copy them to a Notepad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download SDFix by AndyManchesta and save it to your desktop.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Double click SDFix.exe and it will extract the files to %systemdrive%
  • (this is the drive that contains the Windows Directory, typically C:\SDFix but it looks like you're using "E").
  • DO NOT use it just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Copy and paste the contents of the results file Report.txt in your next reply along with a new Deckard's System Scanner (DSS) log. Let me know how things are now.
-- If this error message is displayed when running SDFix: "The command prompt has been disabled by your administrator. Press any key to continue..."
Please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg
Press Ok and then run SDFix again.

-- If the Command Prompt window flashes on then off again on XP or Win 2000, please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\FixPath.exe /Q
Reboot and then run SDFix again.

-- If SDFix still does not run, check the %comspec% variable. Right-click My Computer > click Properties > Advanced > Environment Variables and check that the ComSpec variable points to cmd.exe.
%SystemRoot%\system32\cmd.exe
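For readers who want to see how the entries drex23 is reacting to stand out in a log like the one above, here is an added triage script. It is not part of this thread and not part of HijackThis, DSS or SDFix; the heuristics, the `triage` and `Finding` names and the "high"/"review" labels are my own. It parses O4 (Run key) and O23 (service) lines and flags the traits visible in the posted log: a service with no publisher whose binary sits directly in the Windows folder, and a Run entry with a Windows-sounding name whose purely numeric executable lives under the user's Application Data. The sample lines are copied from the HijackThis log above, with two benign entries mixed in for contrast.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: five lines copied from the HijackThis log posted in this
# thread, arranged so benign entries sit next to the ones SDFix later removed.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Microsoft Windows Installer] E:\Documents and Settings\Admin\Application Data\Microsoft\dtsc\24336.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - E:\WINDOWS\winself.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
"""


@dataclass
class Finding:
    kind: str                  # "O4" (Run key entry) or "O23" (service)
    name: str
    path: Optional[str]
    severity: str              # "high" = act on it, "review" = look it up first
    reasons: List[str] = field(default_factory=list)


# Line shapes as HijackThis 2.0.2 writes them (hypothetical regexes, written here).
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$')
# First drive-letter path in a command line, quoted or not, up to its .exe/.dll.
PATH_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll))', re.IGNORECASE)


def extract_path(command: str) -> Optional[str]:
    """Return the executable path from a Run-key command, or None for bare
    names such as RTHDCPL.EXE or RUNDLL32.EXE whose location the log does not give."""
    m = PATH_RE.match(command.strip())
    return m.group("path") if m else None


def location_reasons(path: str) -> List[str]:
    """Heuristics on where an autostart binary lives and what it is called."""
    p = path.lower()
    reasons = []
    if "\\documents and settings\\" in p or "\\application data\\" in p:
        reasons.append("binary lives in a user-writable profile directory")
    # Directly under \WINDOWS\ rather than in system32 or another subfolder.
    if re.match(r'^[a-z]:\\windows\\[^\\]+\.exe$', p):
        reasons.append("binary sits directly in the Windows folder, not a system subfolder")
    stem = p.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if stem.isdigit():
        reasons.append("purely numeric file name")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Scan HijackThis O4 and O23 lines and return the entries worth a second look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            path = extract_path(m.group("cmd"))
            if path is None:
                continue
            reasons = location_reasons(path)
            lname = m.group("name").lower()
            if ("microsoft" in lname or "windows" in lname) and "\\windows\\" not in path.lower():
                reasons.append("name imitates a Windows component but path is outside the Windows folder")
            if reasons:
                findings.append(Finding("O4", m.group("name"), path, "high", reasons))
            continue
        m = O23_RE.match(line)
        if m:
            path = m.group("path").strip()
            reasons = location_reasons(path)
            unknown = m.group("owner").strip().lower() == "unknown owner"
            if unknown:
                reasons.append("no publisher recorded for the service binary")
            # Unknown owner alone is only a prompt to look the service up;
            # combined with an odd location it is the pattern SDFix removed here.
            if unknown and len(reasons) > 1:
                findings.append(Finding("O23", m.group("name"), path, "high", reasons))
            elif reasons:
                findings.append(Finding("O23", m.group("name"), path, "review", reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind} {f.name!r} -> {f.path}")
        for r in f.reasons:
            print(f"          - {r}")
```

Run against the sample it reports the `24336.exe` Run entry and the `MsSecurity1.209.4` service as "high", lists `PnkBstrA` as "review" (unknown owner, but in system32, where the real PunkBuster service lives), and stays silent on the ZoneAlarm and Norton entries. The heuristics are deliberately narrow; they rank entries for a human to check, they do not decide on their own.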


#9 qtaqq

qtaqq
  • Topic Starter

  • Members
  • 101 posts
  • OFFLINE
  • Local time:05:22 AM

Posted 23 June 2008 - 09:08 AM

Yes, I run E as my primary OS drive for this version of windows, since I dual boot Windows XP 32 and 64 bit.

As far as the computer is running it has not crashed yet since I have run sdfix, I'll let you know how it turns out after a day of running. Here are the logs:


SDFix: Version 1.196
Run by Admin on Mon 06/23/2008 at 03:33 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: E:\SDFix\SDFix

Checking Services :

Name :
MsSecurity1.209.4

Path :
E:\WINDOWS\winself.exe service

MsSecurity1.209.4 - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

E:\WINDOWS\megavid.cdt - Deleted
E:\WINDOWS\muotr.so - Deleted
E:\WINDOWS\system32\pac.txt - Deleted
E:\WINDOWS\winself.exe - Deleted



Folder E:\WINDOWS\system32\vntiho06 - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-23 03:38:38
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\\Battlefield 2\\BF2.exe"="D:\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"E:\\Program Files\\LimeWire\\LimeWire.exe"="E:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files :


File Backups: - E:\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 3 May 2006 163,328 ..SHR --- "E:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007 31,232 ..SHR --- "E:\WINDOWS\system32\msfDX.dll"
Fri 15 Aug 2003 49,237 A..H. --- "E:\Program Files\America Online 9.0\aolphx.exe"
Fri 15 Aug 2003 36,953 A..H. --- "E:\Program Files\America Online 9.0\aoltray.exe"
Fri 15 Aug 2003 40,960 A..H. --- "E:\Program Files\America Online 9.0\RBM.exe"
Fri 23 Feb 2007 225,380 A..H. --- "E:\Program Files\America Online 9.0\waol.exe"
Thu 27 Mar 2003 237,636 A..H. --- "E:\Program Files\America Online 8.0\waol.exe"
Thu 27 Mar 2003 49,224 A..H. --- "E:\Program Files\America Online 8.0\aolphx.exe"
Thu 27 Mar 2003 36,940 A..H. --- "E:\Program Files\America Online 8.0\aoltray.exe"
Thu 27 Mar 2003 40,960 A..H. --- "E:\Program Files\America Online 8.0\RBM.exe"
Thu 21 Jun 2007 4,348 A.SH. --- "E:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 27 Mar 2003 49,226 A..H. --- "E:\Program Files\America Online 8.0\COMIT\cswitch.exe"
Fri 7 Sep 2007 72,704 ..SHR --- "E:\Program Files\eRightSoft\SUPER\Setup.exe"
Sun 26 Jun 2005 616,448 ..SHR --- "E:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "E:\Program Files\eRightSoft\SUPER\cygz.dll"
Mon 18 Jun 2007 0 A.SH. --- "E:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 3 Jun 2002 84,992 ...HR --- "E:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Mon 3 Jun 2002 44,032 ...HR --- "E:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Mon 9 Dec 2002 73,766 ...HR --- "E:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Mon 9 Dec 2002 65,575 ...HR --- "E:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "E:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Mon 3 Jun 2002 20,480 ...HR --- "E:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Mon 9 Dec 2002 102,437 ...HR --- "E:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Mon 9 Dec 2002 176,165 ...HR --- "E:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Mon 9 Dec 2002 208,935 ...HR --- "E:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Mon 9 Dec 2002 217,127 ...HR --- "E:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "E:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sat 3 Nov 2001 225,280 ...HR --- "E:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "E:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "E:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "E:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Mon 9 Dec 2002 245,805 ...HR --- "E:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Mon 9 Dec 2002 45,093 ...HR --- "E:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Mon 9 Dec 2002 98,341 ...HR --- "E:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Mon 9 Dec 2002 94,247 ...HR --- "E:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Mon 9 Dec 2002 90,151 ...HR --- "E:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Mon 9 Dec 2002 102,439 ...HR --- "E:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "E:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
Tue 11 Apr 2006 36,352 A..H. --- "E:\Documents and Settings\Admin\My Documents\mydocuments\My Documents\~WRL0002.tmp"
Fri 21 Apr 2006 26,112 A..H. --- "E:\Documents and Settings\Admin\My Documents\mydocuments\My Documents\~WRL0003.tmp"
Tue 11 Apr 2006 36,864 A..H. --- "E:\Documents and Settings\Admin\My Documents\mydocuments\My Documents\~WRL0005.tmp"
Fri 21 Apr 2006 25,600 A..H. --- "E:\Documents and Settings\Admin\My Documents\mydocuments\My Documents\~WRL0313.tmp"
Fri 21 Apr 2006 19,968 A..H. --- "E:\Documents and Settings\Admin\My Documents\mydocuments\My Documents\~WRL0612.tmp"
Tue 11 Apr 2006 72,192 A..H. --- "E:\Documents and Settings\Admin\My Documents\mydocuments\My Documents\~WRL1001.tmp"
Tue 11 Apr 2006 25,600 A..H. --- "E:\Documents and Settings\Admin\My Documents\mydocuments\My Documents\~WRL1169.tmp"
Tue 11 Apr 2006 22,528 A..H. --- "E:\Documents and Settings\Admin\My Documents\mydocuments\My Documents\~WRL1178.tmp"
Tue 11 Apr 2006 27,648 A..H. --- "E:\Documents and Settings\Admin\My Documents\mydocuments\My Documents\~WRL1311.tmp"
Tue 11 Apr 2006 35,328 A..H. --- "E:\Documents and Settings\Admin\My Documents\mydocuments\My Documents\~WRL1468.tmp"
Fri 21 Apr 2006 21,504 A..H. --- "E:\Documents and Settings\Admin\My Documents\mydocuments\My Documents\~WRL1708.tmp"
Tue 11 Apr 2006 35,328 A..H. --- "E:\Documents and Settings\Admin\My Documents\mydocuments\My Documents\~WRL1720.tmp"
Tue 11 Apr 2006 28,160 A..H. --- "E:\Documents and Settings\Admin\My Documents\mydocuments\My Documents\~WRL2431.tmp"
Tue 11 Apr 2006 27,648 A..H. --- "E:\Documents and Settings\Admin\My Documents\mydocuments\My Documents\~WRL3414.tmp"
Tue 11 Apr 2006 35,840 A..H. --- "E:\Documents and Settings\Admin\My Documents\mydocuments\My Documents\~WRL3503.tmp"
Tue 11 Apr 2006 66,048 A..H. --- "E:\Documents and Settings\Admin\My Documents\mydocuments\My Documents\~WRL3823.tmp"
Tue 11 Apr 2006 34,816 A..H. --- "E:\Documents and Settings\Admin\My Documents\mydocuments\My Documents\~WRL4067.tmp"
Thu 27 Mar 2003 106,496 A..H. --- "E:\Program Files\Common Files\aolshare\shell\us\shellext.dll"
Thu 16 Aug 2007 126,976 A..H. --- "E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\~DDE.tmp"
Sat 18 Aug 2007 126,976 A..H. --- "E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\~4.tmp"
Wed 29 Aug 2007 214,528 A..H. --- "E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\~70.tmp"
Thu 30 Aug 2007 214,528 A..H. --- "E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\~35.tmp"
Sat 1 Sep 2007 214,528 A..H. --- "E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\~5.tmp"
Sun 2 Sep 2007 214,528 A..H. --- "E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\~58.tmp"
Mon 3 Sep 2007 214,528 A..H. --- "E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\~89.tmp"
Fri 5 Oct 2007 197,120 A..H. --- "E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\~1B.tmp"
Fri 23 Nov 2007 197,120 A..H. --- "E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\~66.tmp"
Tue 27 Nov 2007 197,120 A..H. --- "E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\~6.tmp"
Wed 28 Nov 2007 197,120 A..H. --- "E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\~21F.tmp"
Wed 12 Dec 2007 197,120 A..H. --- "E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\~FA.tmp"
Sat 15 Dec 2007 197,120 A..H. --- "E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\~1C55.tmp"
Sat 15 Dec 2007 197,120 A..H. --- "E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\~D3.tmp"
Thu 20 Dec 2007 197,120 A..H. --- "E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\~108.tmp"
Wed 2 Jan 2008 197,120 A..H. --- "E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\~7.tmp"
Thu 3 Jan 2008 197,120 A..H. --- "E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\~10AA.tmp"
Tue 8 Jan 2008 197,120 A..H. --- "E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\~8.tmp"
Fri 25 Jan 2008 197,120 A..H. --- "E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\~C.tmp"
Mon 18 Feb 2008 209,920 A..H. --- "E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\~207.tmp"
Tue 19 Feb 2008 209,920 A..H. --- "E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\~63.tmp"
Tue 19 Feb 2008 209,920 A..H. --- "E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\~28.tmp"
Sat 23 Feb 2008 209,920 A..H. --- "E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\~1E.tmp"
Tue 26 Feb 2008 210,432 A..H. --- "E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\~27.tmp"
Wed 27 Feb 2008 210,432 A..H. --- "E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\~88.tmp"
Wed 5 Mar 2008 209,408 A..H. --- "E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\~22.tmp"
Wed 5 Mar 2008 209,408 A..H. --- "E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\~9.tmp"
Fri 7 Mar 2008 209,408 A..H. --- "E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\~14A6.tmp"
Tue 25 Mar 2008 211,968 A..H. --- "E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\~1C96.tmp"
Mon 31 Mar 2008 211,968 A..H. --- "E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\~E9.tmp"
Sat 26 Apr 2008 214,016 A..H. --- "E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\~1591.tmp"
Mon 14 Apr 2008 211,968 A..H. --- "E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\~53.tmp"
Fri 2 May 2008 214,016 A..H. --- "E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\~A.tmp"
Sat 3 May 2008 214,016 A..H. --- "E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\~2F.tmp"

Finished!




Deckard's System Scanner v20071014.68
Run by Admin on 2008-06-23 03:41:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive E: has 1.69 GiB (less than 15%) free.


-- HijackThis (run as Admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:41:33 AM, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\ZONELABS\vsmon.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
E:\WINDOWS\system32\CTsvcCDA.EXE
E:\Program Files\Norton AntiVirus\navapsvc.exe
E:\Program Files\Norton Utilities\NPROTECT.EXE
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\Program Files\Speed Disk\nopdb.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Viewpoint\Common\ViewpointService.exe
E:\WINDOWS\wanmpsvc.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
E:\WINDOWS\system32\Rundll32.exe
E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
E:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
E:\Documents and Settings\Admin\Desktop\dss.exe
E:\PROGRA~1\HIJACK~1\Admin.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - E:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - E:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [EasyTuneV] E:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTSysVol] E:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MsgCenterExe] "E:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative Detector] E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AdobeUpdater] E:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Microsoft Windows Installer] E:\Documents and Settings\Admin\Application Data\Microsoft\dtsc\24336.exe
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = E:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Image Transfer.lnk = ?
O8 - Extra context menu item: &Google Search - res://e:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://e:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://e:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://e:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://e:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://e:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss/sa...abs/tgctlsr.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1179381662015
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O20 - AppInit_DLLs: E:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - E:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GoogleDesktopManager - Google - E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - E:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - E:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - E:\Program Files\Speed Disk\nopdb.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - E:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - E:\WINDOWS\wanmpsvc.exe

--
End of file - 10428 bytes

-- Files created between 2008-05-23 and 2008-06-23 -----------------------------

2008-06-23 03:29:20 0 d-------- E:\WINDOWS\ERUNT
2008-06-22 05:09:24 0 d--hs---- E:\FOUND.024
2008-06-19 01:44:00 0 d--hs---- E:\FOUND.023
2008-06-18 06:44:29 0 d-------- E:\WINDOWS\nview
2008-06-18 00:40:28 0 d--hs---- E:\FOUND.022
2008-06-16 15:21:03 0 d-------- E:\WINDOWS\nvidia icons
2008-06-14 20:53:10 0 d--hs---- E:\FOUND.021
2008-06-11 11:05:32 0 d--hs---- E:\FOUND.020
2008-06-05 11:19:40 0 d--hs---- E:\FOUND.019
2008-05-24 20:10:37 0 d-------- E:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-24 13:13:30 0 d-------- E:\Program Files\uTorrent


-- Find3M Report ---------------------------------------------------------------

2008-05-06 09:43:06 0 d-------- E:\Program Files\Coupons
2008-05-02 22:46:00 1630208 --a------ E:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ E:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ E:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ E:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ E:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ E:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ E:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ E:\WINDOWS\system32\keystone.exe
2008-04-28 20:28:24 0 d---s---- E:\Program Files\HLSW
2008-04-28 20:28:24 0 d-------- E:\Documents and Settings\Admin\Application Data\HLSW


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyTuneV"="E:\Program Files\Gigabyte\ET5\GUI.exe" [05/16/2007 09:51 PM]
"RTHDCPL"="RTHDCPL.EXE" [05/27/2006 10:47 AM E:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [05/16/2006 06:04 PM E:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 PM E:\WINDOWS\Alcmtr.exe]
"QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [06/07/2007 10:50 AM]
"CTSysVol"="E:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [02/15/2005 04:10 PM]
"P17Helper"="P17.dll" [05/02/2005 08:38 PM E:\WINDOWS\system32\P17.dll]
"NWEReboot"="" []
"NeroFilterCheck"="E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 04:40 PM]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"Google Desktop Search"="E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/09/2007 11:13 AM]
"ZoneAlarm Client"="E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/06/2007 04:14 PM]
"MsgCenterExe"="E:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [03/25/2008 02:53 PM]
"TkBellExe"="E:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/25/2008 02:53 PM]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [05/02/2008 10:46 PM]
"nwiz"="nwiz.exe" [05/02/2008 10:46 PM E:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [05/02/2008 10:46 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/27/2007 01:55 PM]
"Creative Detector"="E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [12/02/2004 06:23 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [06/01/2006 01:32 PM]
"AdobeUpdater"="E:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/2007 10:37 AM]
"Microsoft Windows Installer"="E:\Documents and Settings\Admin\Application Data\Microsoft\dtsc\24336.exe" []

E:\Documents and Settings\Admin\Start Menu\Programs\Startup\
Event Reminder.lnk - C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE [6/6/1998 8:33:30 AM]

E:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - E:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 1:15:54 AM]
America Online 8.0 Tray Icon.lnk - E:\Program Files\America Online 8.0\aoltray.exe [6/17/2007 12:53:15 PM]
Adobe Gamma Loader.exe.lnk - E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [6/29/2007 8:42:02 PM]
Image Transfer.lnk - E:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe [7/31/2007 12:15:34 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=E:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton System Doctor.lnk]
path=E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Norton System Doctor.lnk
backup=E:\WINDOWS\pss\Norton System Doctor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]
E:\PROGRA~1\NORTON~1\navapw32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]
E:\PROGRA~1\NORTON~1\Cfgwiz.exe /R




-- End of Deckard's System Scanner: finished at 2008-06-23 03:42:43 ------------

#10 drex23


Posted 23 June 2008 - 08:37 PM

Ok, there are still a few bad things left. However, you are not running any anti-virus that I can see, which is leaving you wide open to reinfection. Please take note of this from the DSS log: System Drive E: has 1.69 GiB (less than 15%) free. Having less than 15% free space is not generally recommended. The free space has also gone down by a few GB since you posted originally. Here are some free anti-virus programs: Avira, Avast, AVG.

This application is not very large, so while you decide how to free up some space let's use it to try and clean up the rest.

Please download Malwarebytes' Anti-Malware and save it to your Desktop.
Alternate download location
Alternate download location

Double-click mbam-setup.exe to install the application.
  • Make sure a check mark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Please make sure you post the log in your next response.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


After running that, open HijackThis and choose Do a system scan only. Place a check in the box beside this entry if it is still present:

O4 - HKCU\..\Run: [Microsoft Windows Installer] E:\Documents and Settings\Admin\Application Data\Microsoft\dtsc\24336.exe

Close all other open windows and choose Fix checked.

Then, navigate to this folder and delete it:

E:\Documents and Settings\Admin\Application Data\Microsoft\dtsc

Reboot after deleting the folder.

Finally, run Deckard's System Scanner once again and post the log from it and the log from Malwarebytes' Antimalware.

Edited by drex23, 23 June 2008 - 09:10 PM.
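The O4 entry drex23 singles out above has traits a helper spots by eye: it runs from the user's Application Data folder, calls itself "Microsoft Windows Installer" while living outside any system directory, and its executable is just a number. The following is an added example, not code from the thread, from HijackThis or from Malwarebytes: it parses O4 Run-key lines out of a HijackThis log and flags entries with those traits. The sample lines are copied from the log posted earlier in this thread; the three rules are my own heuristics and a hit means "look at this entry", not "this is malware".

```python
"""Triage HijackThis O4 (autorun) entries for the traits seen in this thread."""
import re
from dataclasses import dataclass

# Matches lines of the form:  O4 - HKCU\..\Run: [Name] command line
O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)

# Directories anything running as the logged-on user can write to freely.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")
# Directories a genuine Microsoft/Windows component would normally live in.
SYSTEM_DIRS = ("\\windows\\", "\\program files\\")


@dataclass
class AutorunEntry:
    hive: str
    key: str
    name: str
    cmd: str
    exe: str  # executable path extracted from cmd


def exe_path(cmd: str) -> str:
    """Pull the executable out of a Run-key command line.

    Handles "quoted path" followed by switches, bare paths followed by
    switches (/r, -osboot), and rundll32-style commands where the first
    token is the executable.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.exe)(?=\s|$)", cmd, re.IGNORECASE)
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd else ""


def parse_o4_run(lines):
    """Return an AutorunEntry for every O4 Run-key line in a HijackThis log."""
    entries = []
    for line in lines:
        m = O4_RUN_RE.match(line.strip())
        if m:
            entries.append(AutorunEntry(m["hive"], m["key"], m["name"],
                                        m["cmd"], exe_path(m["cmd"])))
    return entries


def suspicious_reasons(entry: AutorunEntry):
    """Heuristics (mine, not HijackThis's) for the pattern the bad entry showed."""
    reasons = []
    exe = entry.exe.lower()
    name = entry.name.lower()
    if any(d in exe for d in USER_WRITABLE):
        reasons.append("runs from a user-writable profile directory")
    if ("microsoft" in name or "windows" in name) and not any(d in exe for d in SYSTEM_DIRS):
        reasons.append("name claims a Microsoft/Windows component but path is outside system directories")
    base = re.sub(r"\.exe$", "", exe.rsplit("\\", 1)[-1])
    if base.isdigit():
        reasons.append("executable name is just a number")
    return reasons


def triage(lines):
    """Map each flagged entry name to its reasons; clean entries are omitted."""
    flagged = {}
    for entry in parse_o4_run(lines):
        reasons = suspicious_reasons(entry)
        if reasons:
            flagged[entry.name] = reasons
    return flagged


# Sample O4 lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTSysVol] E:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Microsoft Windows Installer] E:\Documents and Settings\Admin\Application Data\Microsoft\dtsc\24336.exe
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
""".strip().splitlines()


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"[{name}]")
        for r in reasons:
            print(f"  - {r}")
```

Only the dtsc entry is flagged; every other line in the sample, including the rundll32 and "Startup:" lines, passes through clean.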


#11 qtaqq


Posted 25 June 2008 - 03:26 AM

I have increased the hard drive space but I don't know what I deleted. I have installed a few games through Steam. When I installed the last game I only had 342 MB of HD space left. Since I switched to using the onboard video many of the games don't run. I tried to open Half-Life 2 but because of the onboard video it was not able to load. I am unable to minimize the Steam games when they don't load. I tried Ctrl+Alt+Delete since I'm still used to Windows 98SE, but with XP you can't repeatedly do that for a system restart. Although stuff was running in the background I don't know what was happening; I was hoping it had HL2 at the top of the list so I could end task, but I'm not sure what was actually on the screen since all I could see was the HL2 load screen. I heard the system make a noise and AOL signed out. I then just used soft off by holding the power button. When I restarted the computer I checked the hard drive space available and it read 10.2 GB. So somehow I cleared up something for about 9 and a half GB. I'm not sure what I deleted though. None of my main game files were deleted and nothing was in the recycle bin. Using the clean manager, I would only have been able to clear up 19 MB of temp internet files. So, I have no idea what I did to gain the extra 9 GB. When I was getting low on space before I was only able to get about 4-5 GB of space opened up, but I don't know what I did to have almost 10 now. I have since installed another game through Steam; that is why I'm at 7.68 GB right now.
I am running Norton AntiVirus 2002; Windows never seems to recognize that it's installed. I have tried reinstalling it several times but it still doesn't know it is running. I know it's working because it has been able to stop viruses before, alert me of scripts, and do its autoupdates.
After running Malwarebytes' Anti-Malware I didn't find this file using HijackThis,
O4 - HKCU\..\Run: [Microsoft Windows Installer] E:\Documents and Settings\Admin\Application Data\Microsoft\dtsc\24336.exe
and this folder was no longer there,
E:\Documents and Settings\Admin\Application Data\Microsoft\dtsc
I rebooted the computer and ran Deckard's System Scanner; here are the logs:

Malwarebytes' Anti-Malware 1.18
Database version: 888

12:34:45 AM 6/25/2008
mbam-log-6-25-2008 (00-34-45).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 254492
Time elapsed: 1 hour(s), 19 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{006c2f9b-122d-438f-bac0-de3c620d2ec6} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{010653e4-75ec-4d9b-ae49-f64fc810770d} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{01417316-4620-43c7-b635-f4f381596978} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Windows Installer (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
E:\Documents and Settings\Admin\Application Data\Microsoft\dtsc (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
E:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\syswcc32.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\temp.fr58F2\Programs\whiehlpr.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
E:\Deckard\System Scanner\20080525102205\backup\DOCUME~1\Admin\LOCALS~1\Temp\temp.fr58F2\Programs\webhdll.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
E:\Documents and Settings\Admin\Application Data\Microsoft\dtsc\id (Trojan.Agent) -> Quarantined and deleted successfully.



Deckard's System Scanner v20071014.68
Run by Admin on 2008-06-25 01:02:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive E: has 7.68 GiB (less than 15%) free.


-- HijackThis (run as Admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:02:39 AM, on 6/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\ZONELABS\vsmon.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
E:\WINDOWS\system32\CTsvcCDA.EXE
E:\Program Files\Norton AntiVirus\navapsvc.exe
E:\Program Files\Norton Utilities\NPROTECT.EXE
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\Program Files\Speed Disk\nopdb.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Viewpoint\Common\ViewpointService.exe
E:\WINDOWS\wanmpsvc.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
E:\WINDOWS\system32\Rundll32.exe
E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
E:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Documents and Settings\Admin\Desktop\dss.exe
E:\PROGRA~1\HIJACK~1\Admin.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - E:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - E:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [EasyTuneV] E:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTSysVol] E:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MsgCenterExe] "E:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative Detector] E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AdobeUpdater] E:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = E:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Image Transfer.lnk = ?
O8 - Extra context menu item: &Google Search - res://e:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://e:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://e:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://e:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://e:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://e:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss/sa...abs/tgctlsr.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1179381662015
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O20 - AppInit_DLLs: E:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - E:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GoogleDesktopManager - Google - E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - E:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - E:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - E:\Program Files\Speed Disk\nopdb.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - E:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - E:\WINDOWS\wanmpsvc.exe

--
End of file - 10272 bytes

-- Files created between 2008-05-25 and 2008-06-25 -----------------------------

2008-06-24 20:51:07 0 d-------- E:\Documents and Settings\Admin\Application Data\Malwarebytes
2008-06-24 20:51:05 0 d-------- E:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-24 20:51:04 0 d-------- E:\Program Files\Malwarebytes' Anti-Malware
2008-06-24 00:08:14 0 d--hs---- E:\FOUND.026
2008-06-23 22:45:24 0 d--hs---- E:\FOUND.025
2008-06-23 03:29:20 0 d-------- E:\WINDOWS\ERUNT
2008-06-22 05:09:24 0 d--hs---- E:\FOUND.024
2008-06-19 01:44:00 0 d--hs---- E:\FOUND.023
2008-06-18 06:44:29 0 d-------- E:\WINDOWS\nview
2008-06-18 00:40:28 0 d--hs---- E:\FOUND.022
2008-06-16 15:21:03 0 d-------- E:\WINDOWS\nvidia icons
2008-06-14 20:53:10 0 d--hs---- E:\FOUND.021
2008-06-11 11:05:32 0 d--hs---- E:\FOUND.020
2008-06-05 11:19:40 0 d--hs---- E:\FOUND.019


-- Find3M Report ---------------------------------------------------------------

2008-05-24 13:13:32 0 d-------- E:\Program Files\uTorrent
2008-05-06 09:43:06 0 d-------- E:\Program Files\Coupons
2008-05-02 22:46:00 1630208 --a------ E:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ E:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ E:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ E:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ E:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ E:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ E:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ E:\WINDOWS\system32\keystone.exe
2008-04-28 20:28:24 0 d---s---- E:\Program Files\HLSW
2008-04-28 20:28:24 0 d-------- E:\Documents and Settings\Admin\Application Data\HLSW


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyTuneV"="E:\Program Files\Gigabyte\ET5\GUI.exe" [05/16/2007 09:51 PM]
"RTHDCPL"="RTHDCPL.EXE" [05/27/2006 10:47 AM E:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [05/16/2006 06:04 PM E:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 PM E:\WINDOWS\Alcmtr.exe]
"QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [06/07/2007 10:50 AM]
"CTSysVol"="E:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [02/15/2005 04:10 PM]
"P17Helper"="P17.dll" [05/02/2005 08:38 PM E:\WINDOWS\system32\P17.dll]
"NWEReboot"="" []
"NeroFilterCheck"="E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 04:40 PM]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"Google Desktop Search"="E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/09/2007 11:13 AM]
"ZoneAlarm Client"="E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/06/2007 04:14 PM]
"MsgCenterExe"="E:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [03/25/2008 02:53 PM]
"TkBellExe"="E:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/25/2008 02:53 PM]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [05/02/2008 10:46 PM]
"nwiz"="nwiz.exe" [05/02/2008 10:46 PM E:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [05/02/2008 10:46 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/27/2007 01:55 PM]
"Creative Detector"="E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [12/02/2004 06:23 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [06/01/2006 01:32 PM]
"AdobeUpdater"="E:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/2007 10:37 AM]

E:\Documents and Settings\Admin\Start Menu\Programs\Startup\
Event Reminder.lnk - C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE [6/6/1998 8:33:30 AM]

E:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - E:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 1:15:54 AM]
America Online 8.0 Tray Icon.lnk - E:\Program Files\America Online 8.0\aoltray.exe [6/17/2007 12:53:15 PM]
Adobe Gamma Loader.exe.lnk - E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [6/29/2007 8:42:02 PM]
Image Transfer.lnk - E:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe [7/31/2007 12:15:34 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=E:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton System Doctor.lnk]
path=E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Norton System Doctor.lnk
backup=E:\WINDOWS\pss\Norton System Doctor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]
E:\PROGRA~1\NORTON~1\navapw32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]
E:\PROGRA~1\NORTON~1\Cfgwiz.exe /R




-- End of Deckard's System Scanner: finished at 2008-06-25 01:03:23 ------------

#12 drex23

Posted 25 June 2008 - 10:53 PM

Hi, don't worry about not being able to find the folder and entry; I added them in case MBAM didn't get them, but it deleted them for you. As far as the AV, I noted its absence from the 04 section, which is the running programs. It is elsewhere, but it should be showing up there if it is being run with its full real-time protection. I do see parts of it elsewhere, though. Windows may not be recognizing it because it's the 2002 version, I believe you said. I'm not intimately familiar with their products, but are you still getting updates for that? Anyway, let's do this now.

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

#13 qtaqq

  • Topic Starter

Posted 26 June 2008 - 06:42 AM

Hi, I ran ComboFix. I turned off Norton AntiVirus' Auto-Protect, but I guess the script blocking was still on. ComboFix seemed to skip over the script if I didn't say to allow it fast enough, so the first log is with some scripts blocked and the second is with all scripts allowed (in case it changed something on the first run and it would show up as detected in the second log, since ComboFix already fixed it).

ComboFix 08-06-20.4 - Admin 2008-06-26 4:28:31.1 - FAT32x86
Running from: E:\Documents and Settings\Admin\Desktop\ComboFix.exe
Command switches used :: E:\Documents and Settings\Admin\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\WINDOWS\Downloaded Program Files\setup.inf
E:\WINDOWS\system32\MSINET.oca

.
((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))
.

2008-06-25 08:53 . 2008-06-25 08:53 <DIR> d-------- E:\Program Files\Microsoft Silverlight
2008-06-25 02:30 . 2008-06-25 02:30 <DIR> d--hs---- E:\FOUND.027
2008-06-24 20:51 . 2008-06-24 20:51 <DIR> d-------- E:\Program Files\Malwarebytes' Anti-Malware
2008-06-24 20:51 . 2008-06-24 20:51 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-24 20:51 . 2008-06-24 20:51 <DIR> d-------- E:\Documents and Settings\Admin\Application Data\Malwarebytes
2008-06-24 20:51 . 2008-06-19 17:48 34,296 --a------ E:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-24 20:51 . 2008-06-19 17:47 17,144 --a------ E:\WINDOWS\system32\drivers\mbam.sys
2008-06-24 00:08 . 2008-06-24 00:08 <DIR> d--hs---- E:\FOUND.026
2008-06-23 22:45 . 2008-06-23 22:45 <DIR> d--hs---- E:\FOUND.025
2008-06-23 03:29 . 2008-06-23 03:29 <DIR> d-------- E:\WINDOWS\ERUNT
2008-06-23 03:28 . 2008-06-23 03:28 <DIR> d-------- E:\SDFix
2008-06-22 05:09 . 2008-06-22 05:09 <DIR> d--hs---- E:\FOUND.024
2008-06-22 01:03 . 2008-06-26 04:04 186,602 --a------ E:\WINDOWS\system32\nvapps.xml
2008-06-22 01:03 . 2008-05-02 22:46 181,895 --a------ E:\WINDOWS\system32\nvdsp.chm
2008-06-22 01:03 . 2008-05-02 22:46 121,529 --a------ E:\WINDOWS\system32\nvcpl.chm
2008-06-22 01:03 . 2008-05-02 22:46 116,384 --a------ E:\WINDOWS\system32\nv3d.chm
2008-06-22 01:03 . 2008-05-02 22:46 54,988 --a------ E:\WINDOWS\system32\nvmob.chm
2008-06-22 01:03 . 2008-05-02 22:46 18,070 --a------ E:\WINDOWS\system32\nvdisp.nvu
2008-06-19 01:44 . 2008-06-19 01:44 <DIR> d--hs---- E:\FOUND.023
2008-06-18 06:44 . 2008-06-18 06:44 <DIR> d-------- E:\WINDOWS\nview
2008-06-18 00:40 . 2008-06-18 00:40 <DIR> d--hs---- E:\FOUND.022
2008-06-16 15:21 . 2008-06-16 15:21 <DIR> d-------- E:\WINDOWS\nvidia icons
2008-06-14 20:53 . 2008-06-14 20:53 <DIR> d--hs---- E:\FOUND.021
2008-06-11 11:05 . 2008-06-11 11:05 <DIR> d--hs---- E:\FOUND.020
2008-06-09 15:45 . 2008-06-09 15:45 75 --a------ E:\WINDOWS\pixworks.ini
2008-06-05 11:19 . 2008-06-05 11:19 <DIR> d--hs---- E:\FOUND.019
2008-06-04 20:59 . 2008-06-23 07:16 54,156 --ah----- E:\WINDOWS\QTFont.qfn
2008-06-04 20:59 . 2008-06-04 20:59 1,409 --a------ E:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 11:02 32 --sha-w E:\WINDOWS\system32\drivers\fidbox.idx
2008-06-26 11:02 32 --sha-w E:\WINDOWS\system32\drivers\fidbox.dat
2008-06-17 20:19 1,507,328 ------w E:\WINDOWS\Internet Logs\xDB12.tmp
2008-06-15 12:46 33,367,035 ------w E:\WINDOWS\Internet Logs\tvDebug.zip
2008-06-15 12:41 2,636,288 ------w E:\WINDOWS\Internet Logs\xDB11.tmp
2008-06-09 20:04 3,114,496 ------w E:\WINDOWS\Internet Logs\xDB10.tmp
2008-06-05 18:49 22,328 ----a-w E:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-05 18:49 103,736 ----a-w E:\WINDOWS\system32\PnkBstrB.exe
2008-05-25 03:10 --------- d-----w E:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-24 20:13 --------- d-----w E:\Program Files\uTorrent
2008-05-06 16:43 --------- d-----w E:\Program Files\Coupons
2008-05-01 00:27 442,368 ----a-w E:\WINDOWS\system32\NVUNINST.EXE
2008-04-29 03:28 --------- d-s---w E:\Program Files\HLSW
2008-04-29 03:28 --------- d-----w E:\Documents and Settings\Admin\Application Data\HLSW
2008-04-11 00:00 2,719,744 ------w E:\WINDOWS\Internet Logs\xDBF.tmp
2008-04-04 18:49 2,753,536 ------w E:\WINDOWS\Internet Logs\xDBE.tmp
2007-09-12 13:16 53,820,960 ----a-w E:\Program Files\jdk-1_5_0_12-windows-i586-p.exe
2006-05-03 09:06 163,328 --sh--r E:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r E:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 13:55 68856]
"Creative Detector"="E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
"AdobeUpdater"="E:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyTuneV"="E:\Program Files\Gigabyte\ET5\GUI.exe" [2007-05-16 21:51 207680]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-27 10:47 16208384 E:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 E:\WINDOWS\SkyTel.exe]
"QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [2007-06-07 10:50 98304]
"CTSysVol"="E:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 16:10 57344]
"P17Helper"="P17.dll" [2005-05-02 20:38 64512 E:\WINDOWS\system32\P17.dll]
"NWEReboot"="" []
"NeroFilterCheck"="E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"Google Desktop Search"="E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-09 11:13 1838592]
"ZoneAlarm Client"="E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14 919016]
"MsgCenterExe"="E:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [2008-03-25 14:53 69632]
"TkBellExe"="E:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-25 14:53 185896]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 E:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]

E:\Documents and Settings\Admin\Start Menu\Programs\Startup\
Event Reminder.lnk - C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE [1998-06-06 08:33:30 325632]

E:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - E:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 01:15:54 65588]
America Online 8.0 Tray Icon.lnk - E:\Program Files\America Online 8.0\aoltray.exe [2007-06-17 12:53:15 36940]
Adobe Gamma Loader.exe.lnk - E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-06-29 20:42:02 113664]
Image Transfer.lnk - E:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe [2007-07-31 12:15:34 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=E:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton System Doctor.lnk]
path=E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Norton System Doctor.lnk
backup=E:\WINDOWS\pss\Norton System Doctor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]
--a------ 2001-08-16 17:52 74832 E:\PROGRA~1\NORTON~1\navapw32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]
--a------ 2001-08-16 18:15 300112 E:\PROGRA~1\NORTON~1\Cfgwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"E:\\Program Files\\LimeWire\\LimeWire.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"E:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]
S3 NPF;NetGroup Packet Filter Driver;E:\WINDOWS\system32\drivers\npf.sys [2005-08-02 14:10]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-26 11:03:56 E:\WINDOWS\Tasks\Symantec NetDetect.job"
- E:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-06-21 05:37:30 E:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- E:\PROGRA~1\NORTON~1\NAVW32.exeG/task:E:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 04:31:01
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ccEvtMgr]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SAVRT]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SNDSrvc]
"ImagePath"="-"
.
Completion time: 2008-06-26 4:31:52
ComboFix2.txt 2007-07-14 20:03:50
ComboFix-quarantined-files.txt 2008-06-26 11:31:50

Pre-Run: 6,430,654,464 bytes free
Post-Run: 6,585,745,408 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Professional x64 Edition" /noexecute=optin /fastdetect /usepmtimer
C:\="Microsoft Windows"
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

156


ComboFix 08-06-20.4 - Admin 2008-06-26 4:33:52.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.505 [GMT -7:00]
Running from: E:\Documents and Settings\Admin\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))
.

2008-06-25 08:53 . 2008-06-25 08:53 <DIR> d-------- E:\Program Files\Microsoft Silverlight
2008-06-25 02:30 . 2008-06-25 02:30 <DIR> d--hs---- E:\FOUND.027
2008-06-24 20:51 . 2008-06-24 20:51 <DIR> d-------- E:\Program Files\Malwarebytes' Anti-Malware
2008-06-24 20:51 . 2008-06-24 20:51 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-24 20:51 . 2008-06-24 20:51 <DIR> d-------- E:\Documents and Settings\Admin\Application Data\Malwarebytes
2008-06-24 20:51 . 2008-06-19 17:48 34,296 --a------ E:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-24 20:51 . 2008-06-19 17:47 17,144 --a------ E:\WINDOWS\system32\drivers\mbam.sys
2008-06-24 00:08 . 2008-06-24 00:08 <DIR> d--hs---- E:\FOUND.026
2008-06-23 22:45 . 2008-06-23 22:45 <DIR> d--hs---- E:\FOUND.025
2008-06-23 03:29 . 2008-06-23 03:29 <DIR> d-------- E:\WINDOWS\ERUNT
2008-06-23 03:28 . 2008-06-23 03:28 <DIR> d-------- E:\SDFix
2008-06-22 05:09 . 2008-06-22 05:09 <DIR> d--hs---- E:\FOUND.024
2008-06-22 01:03 . 2008-06-26 04:04 186,602 --a------ E:\WINDOWS\system32\nvapps.xml
2008-06-22 01:03 . 2008-05-02 22:46 181,895 --a------ E:\WINDOWS\system32\nvdsp.chm
2008-06-22 01:03 . 2008-05-02 22:46 121,529 --a------ E:\WINDOWS\system32\nvcpl.chm
2008-06-22 01:03 . 2008-05-02 22:46 116,384 --a------ E:\WINDOWS\system32\nv3d.chm
2008-06-22 01:03 . 2008-05-02 22:46 54,988 --a------ E:\WINDOWS\system32\nvmob.chm
2008-06-22 01:03 . 2008-05-02 22:46 18,070 --a------ E:\WINDOWS\system32\nvdisp.nvu
2008-06-19 01:44 . 2008-06-19 01:44 <DIR> d--hs---- E:\FOUND.023
2008-06-18 06:44 . 2008-06-18 06:44 <DIR> d-------- E:\WINDOWS\nview
2008-06-18 00:40 . 2008-06-18 00:40 <DIR> d--hs---- E:\FOUND.022
2008-06-16 15:21 . 2008-06-16 15:21 <DIR> d-------- E:\WINDOWS\nvidia icons
2008-06-14 20:53 . 2008-06-14 20:53 <DIR> d--hs---- E:\FOUND.021
2008-06-11 11:05 . 2008-06-11 11:05 <DIR> d--hs---- E:\FOUND.020
2008-06-09 15:45 . 2008-06-09 15:45 75 --a------ E:\WINDOWS\pixworks.ini
2008-06-05 11:19 . 2008-06-05 11:19 <DIR> d--hs---- E:\FOUND.019
2008-06-04 20:59 . 2008-06-23 07:16 54,156 --ah----- E:\WINDOWS\QTFont.qfn
2008-06-04 20:59 . 2008-06-04 20:59 1,409 --a------ E:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 11:02 32 --sha-w E:\WINDOWS\system32\drivers\fidbox.idx
2008-06-26 11:02 32 --sha-w E:\WINDOWS\system32\drivers\fidbox.dat
2008-06-17 20:19 1,507,328 ------w E:\WINDOWS\Internet Logs\xDB12.tmp
2008-06-15 12:46 33,367,035 ------w E:\WINDOWS\Internet Logs\tvDebug.zip
2008-06-15 12:41 2,636,288 ------w E:\WINDOWS\Internet Logs\xDB11.tmp
2008-06-09 20:04 3,114,496 ------w E:\WINDOWS\Internet Logs\xDB10.tmp
2008-06-05 18:49 22,328 ----a-w E:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-05 18:49 103,736 ----a-w E:\WINDOWS\system32\PnkBstrB.exe
2008-05-25 03:10 --------- d-----w E:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-24 20:13 --------- d-----w E:\Program Files\uTorrent
2008-05-06 16:43 --------- d-----w E:\Program Files\Coupons
2008-05-01 00:27 442,368 ----a-w E:\WINDOWS\system32\NVUNINST.EXE
2008-04-29 03:28 --------- d-s---w E:\Program Files\HLSW
2008-04-29 03:28 --------- d-----w E:\Documents and Settings\Admin\Application Data\HLSW
2008-04-11 00:00 2,719,744 ------w E:\WINDOWS\Internet Logs\xDBF.tmp
2008-04-04 18:49 2,753,536 ------w E:\WINDOWS\Internet Logs\xDBE.tmp
2007-09-12 13:16 53,820,960 ----a-w E:\Program Files\jdk-1_5_0_12-windows-i586-p.exe
2006-05-03 09:06 163,328 --sh--r E:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r E:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 13:55 68856]
"Creative Detector"="E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
"AdobeUpdater"="E:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyTuneV"="E:\Program Files\Gigabyte\ET5\GUI.exe" [2007-05-16 21:51 207680]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-27 10:47 16208384 E:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 E:\WINDOWS\SkyTel.exe]
"QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [2007-06-07 10:50 98304]
"CTSysVol"="E:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 16:10 57344]
"P17Helper"="P17.dll" [2005-05-02 20:38 64512 E:\WINDOWS\system32\P17.dll]
"NWEReboot"="" []
"NeroFilterCheck"="E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"Google Desktop Search"="E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-09 11:13 1838592]
"ZoneAlarm Client"="E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14 919016]
"MsgCenterExe"="E:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [2008-03-25 14:53 69632]
"TkBellExe"="E:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-25 14:53 185896]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 E:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]

E:\Documents and Settings\Admin\Start Menu\Programs\Startup\
Event Reminder.lnk - C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE [1998-06-06 08:33:30 325632]

E:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - E:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 01:15:54 65588]
America Online 8.0 Tray Icon.lnk - E:\Program Files\America Online 8.0\aoltray.exe [2007-06-17 12:53:15 36940]
Adobe Gamma Loader.exe.lnk - E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-06-29 20:42:02 113664]
Image Transfer.lnk - E:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe [2007-07-31 12:15:34 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=E:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton System Doctor.lnk]
path=E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Norton System Doctor.lnk
backup=E:\WINDOWS\pss\Norton System Doctor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]
--a------ 2001-08-16 17:52 74832 E:\PROGRA~1\NORTON~1\navapw32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]
--a------ 2001-08-16 18:15 300112 E:\PROGRA~1\NORTON~1\Cfgwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"E:\\Program Files\\LimeWire\\LimeWire.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"E:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]
S3 NPF;NetGroup Packet Filter Driver;E:\WINDOWS\system32\drivers\npf.sys [2005-08-02 14:10]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-26 11:03:56 E:\WINDOWS\Tasks\Symantec NetDetect.job"
- E:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-06-21 05:37:30 E:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- E:\PROGRA~1\NORTON~1\NAVW32.exeG/task:E:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 04:35:07
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ccEvtMgr]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SAVRT]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SNDSrvc]
"ImagePath"="-"
.
Completion time: 2008-06-26 4:35:40
ComboFix3.txt 2007-07-14 20:03:50
ComboFix-quarantined-files.txt 2008-06-26 11:35:38
ComboFix2.txt 2008-06-26 11:31:54

Pre-Run: 6,531,350,528 bytes free
Post-Run: 6,513,262,592 bytes free

143


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:36:51 AM, on 6/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\ZONELABS\vsmon.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
E:\WINDOWS\system32\CTsvcCDA.EXE
E:\Program Files\Norton AntiVirus\navapsvc.exe
E:\Program Files\Norton Utilities\NPROTECT.EXE
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\Program Files\Speed Disk\nopdb.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Viewpoint\Common\ViewpointService.exe
E:\WINDOWS\wanmpsvc.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
E:\Program Files\Norton AntiVirus\navapw32.exe
E:\WINDOWS\explorer.exe
E:\Program Files\HijackThis\Admin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - E:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - E:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [EasyTuneV] E:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTSysVol] E:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MsgCenterExe] "E:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative Detector] E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AdobeUpdater] E:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = E:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Image Transfer.lnk = ?
O8 - Extra context menu item: &Google Search - res://e:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://e:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://e:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://e:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://e:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://e:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss/sa...abs/tgctlsr.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1179381662015
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O17 - HKLM\System\CS2\Services\Tcpip\..\{2189D58F-8263-4370-9444-0A63BA9FA721}: NameServer = 205.188.146.145
O20 - AppInit_DLLs: E:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - E:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GoogleDesktopManager - Google - E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - E:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - E:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - E:\Program Files\Speed Disk\nopdb.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - E:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - E:\WINDOWS\wanmpsvc.exe

--
End of file - 10553 bytes

Edited by qtaqq, 26 June 2008 - 06:43 AM.
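As an added example (not from this thread, and not part of HijackThis or any tool named here), the following Python parses lines in the format of the log above and flags the entry types a helper usually checks first: orphaned "(no file)" entries, O4 autorun commands with no path, O17 DNS overrides, O20 AppInit_DLLs and O23 services with no publisher. The sample lines are copied from the log above; a flag means "verify this", not "this is malicious".

```python
import re

# Constructed sample: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O17 - HKLM\System\CS2\Services\Tcpip\..\{2189D58F-8263-4370-9444-0A63BA9FA721}: NameServer = 205.188.146.145
O20 - AppInit_DLLs: E:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZONELABS\vsmon.exe
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")

def parse_line(line):
    """Split one HijackThis line into (section, body); None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None

def triage(line):
    """Reasons an entry deserves a closer look ('verify', not 'malicious')."""
    parsed = parse_line(line)
    if parsed is None:
        return []
    section, body = parsed
    reasons = []
    if body.endswith("(no file)"):
        reasons.append("orphaned entry: registered object has no file on disk")
    if section == "O4":
        # Body is 'HKLM\..\Run: [Name] command'; a command with no directory
        # part is resolved through the search path at logon, so confirm it.
        m = re.search(r"\] (.+)$", body)
        command = m.group(1).strip().strip('"') if m else ""
        if command and "\\" not in command.split(" ")[0]:
            reasons.append("autorun command has no path: resolved via search order")
    if section == "O17":
        reasons.append("custom DNS server: confirm it is your ISP's resolver")
    if section == "O20":
        reasons.append("AppInit_DLLs loads into most GUI processes: confirm the vendor")
    if section == "O23" and " - Unknown owner - " in body:
        reasons.append("service with no publisher name: verify the binary")
    return reasons

def triage_log(text):
    """Map each flagged log line to its reasons; unflagged lines are left out."""
    return {ln: triage(ln) for ln in text.splitlines() if triage(ln)}
```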


#14 drex23

drex23

    Bleeping Existence


  • Members
  • 456 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:22 AM

Posted 27 June 2008 - 11:29 AM

Hi again,

Please download ATF Cleaner by Atribune and save it to your desktop (alternate download link). DO NOT use it yet.
Please download and install SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
  • Under the "Configuration and Preferences", click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use the Firefox browser, click Firefox at the top and choose: Select All.
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use the Opera browser, click Opera at the top and choose: Select All.
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and, back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a check mark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Next, back in normal mode, do the following.

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please also do a new scan with DSS after completing the above and post the log from that along with the ones from SuperAntiSpyware and Kaspersky. Let me know how things are now.

#15 qtaqq

qtaqq
  • Topic Starter

  • Members
  • 101 posts
  • OFFLINE
  •  
  • Local time:05:22 AM

Posted 28 June 2008 - 12:45 PM

Hi, I have installed the above programs but cannot get my computer into Safe Mode now. On a restart, should I hear the POST beeps? If I should, I don't hear any; I only hear them when I turn on the computer. I tried it several times, trying to get it into Safe Mode from a restart and from just turning on the computer. Also, since installing the Windows recovery program, I noticed my boot screen selection time has decreased from 20 seconds to 1 second or even less. Since I dual-boot Windows, I'd have a choice between XP 32-bit or 64-bit, but since installing that thing I barely have enough time to move down to the 64-bit option to select it.

