
Xp Antivirus


  • This topic is locked
2 replies to this topic

#1 its derek

  • Members
  • 3 posts

Posted 26 May 2008 - 11:57 PM

I downloaded but didn't install XP Antivirus because it came up during a virus scan. It didn't look right, so I never followed through with it. Well, after reading how to remove it, I've tried everything and nothing's worked. I still have indications in my toolbar at the bottom right saying I have a spyware problem, and when I click them I'm prompted to download XP Antivirus yet again. I've tried to delete all the files for it through Safe Mode and I've tried the FixXPAV.reg, and that doesn't do anything. So yeah, here are my logs:

Deckard's System Scanner v20071014.68
Run by Admin on 2008-05-26 00:48:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
110: 2008-05-26 07:48:35 UTC - RP110 - Deckard's System Scanner Restore Point
109: 2008-05-26 05:31:38 UTC - RP109 - Microsoft OneCare Protection Checkpoint
108: 2008-05-26 00:58:35 UTC - RP108 - Restore Operation
107: 2008-05-26 00:46:49 UTC - RP107 - Restore Operation
106: 2008-05-25 13:44:36 UTC - RP106 - Microsoft OneCare Protection Checkpoint


-- First Restore Point --
1: 2008-03-08 03:26:06 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-26 00:50:25
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.20772)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\VistaDrive.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Admin\Desktop\dss.exe
C:\Program Files\Microsoft Windows OneCare Live\WinSSUI.exe
C:\WINDOWS\system32\wscntfy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.yahoo.com/search?p=
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvzat.dll,startup
O4 - HKLM\..\RunOnceEx: [TITLE] Set Up Software
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpeedswitchXP] C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options Group: [TABS] Tabbed Browsing
O15 - ProtocolDefaults: Unknown 'about' protocol is in Restricted Zone (HKLM)
O15 - ProtocolDefaults: Unknown 'about' protocol is in Restricted Zone (HKCU)
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: winemx32 - C:\WINDOWS\system32\winemx32.dll
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\system32\TuneUpDefragService.exe


--
End of file - 7525 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - unable to read value


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 BLKWGU(Belkin) (Belkin Wireless G USB Network Adapter(Belkin)) - c:\windows\system32\drivers\blkwgu.sys <Not Verified; Belkin Corporation; Wireless G USB Network Adapter>
R3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys (file missing)
S3 npkcusb - c:\nexon\maplestory\npkcusb.sys (file missing)
S3 sfng32 (Sonic Focus Plugin for HDA) - c:\windows\system32\drivers\sfng32.sys <Not Verified; Sonic Focus, Inc; Sonic Focus, Inc SFNG32.SYS>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-23 17:15:00 378 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


-- Files created between 2008-04-26 and 2008-05-26 -----------------------------

2008-05-25 19:37:41 0 d-------- C:\Program Files\Panda Security
2008-05-25 18:08:20 145 --a------ C:\WINDOWS\system32\winver.bat
2008-05-25 18:08:20 19456 --a------ C:\WINDOWS\system32\drvzat.dll
2008-05-21 18:45:10 3932160 --a------ C:\Documents and Settings\Admin\ntuser.dat
2008-05-21 18:45:09 372736 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-05-19 18:46:53 0 d-------- C:\Program Files\WinAce
2008-05-19 17:57:20 0 d-------- C:\Program Files\Lionhead Studios
2008-05-19 17:45:52 27648 --a------ C:\WINDOWS\system32\winemx32.dll
2008-05-19 07:09:51 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-05-19 07:09:51 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-05-19 07:09:51 76344 --a------ C:\WINDOWS\War3Unin.dat
2008-05-19 07:08:04 0 d-------- C:\Program Files\Warcraft III
2008-05-04 19:31:17 0 d-------- C:\Program Files\RegistryPatrol3.0
2008-05-04 19:19:23 0 d-------- C:\Documents and Settings\Admin\Application Data\teamspeak2
2008-05-04 19:18:22 0 d-------- C:\Program Files\Teamspeak2_RC2


-- Find3M Report ---------------------------------------------------------------

2008-05-25 19:37:42 2189 --a------ C:\WINDOWS\mozver.dat
2008-05-25 17:52:52 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-05-25 15:30:03 0 d-------- C:\Program Files\CrossLoop
2008-05-19 22:35:58 0 d-------- C:\Documents and Settings\Admin\Application Data\uTorrent
2008-05-19 20:08:24 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-19 17:57:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-12 14:54:41 0 d-------- C:\Program Files\FrostWire
2008-05-12 14:54:06 0 d-------- C:\Program Files\StepMania
2008-04-17 22:08:48 0 d-------- C:\Program Files\Adzgalore Games Collection
2008-04-17 22:08:41 40713 --a------ C:\WINDOWS\system32\cpmsky-uninst.exe
2008-04-17 21:41:21 0 d-------- C:\Documents and Settings\Admin\Application Data\Sony
2008-04-17 21:21:19 0 d-------- C:\Documents and Settings\Admin\Application Data\Publish Providers
2008-04-17 21:21:19 0 d-------- C:\Documents and Settings\Admin\Application Data\NetMedia Providers
2008-04-17 21:17:58 0 d-------- C:\Program Files\Vstplugins
2008-04-17 21:17:32 0 d-------- C:\Program Files\Sony
2008-04-14 14:16:02 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-13 20:22:33 0 d-------- C:\Documents and Settings\Admin\Application Data\FrostWire
2008-04-13 13:38:13 0 d-------- C:\Program Files\Ascentive
2008-04-13 05:27:08 0 d-------- C:\Documents and Settings\Admin\Application Data\InstallShield
2008-04-12 23:00:32 0 d-------- C:\Documents and Settings\Admin\Application Data\WinRAR
2008-04-12 16:55:59 0 d-------- C:\Program Files\uTorrent
2008-04-08 22:00:34 0 d-------- C:\Documents and Settings\Admin\Application Data\Adobe
2008-04-07 21:03:33 0 d-------- C:\Documents and Settings\Admin\Application Data\Viewpoint
2008-04-07 18:41:04 0 d-------- C:\Documents and Settings\Admin\Application Data\Nexon
2008-04-07 18:39:56 0 d-------- C:\Program Files\Common Files
2008-04-07 18:39:56 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-04-02 16:12:25 0 d-------- C:\Program Files\AskSBar
2008-04-02 16:08:52 0 d-------- C:\Program Files\LimeWire
2008-04-02 15:47:28 0 d-------- C:\Documents and Settings\Admin\Application Data\LimeWire
2008-04-02 15:28:06 0 d-------- C:\Program Files\AIM
2008-04-02 15:28:06 0 d-------- C:\Documents and Settings\Admin\Application Data\Help
2008-04-01 21:23:23 0 d-------- C:\Program Files\Paint.NET
2008-04-01 21:19:03 0 d-------- C:\Program Files\Microsoft SQL Server
2008-04-01 21:15:30 0 d-------- C:\Program Files\Sony Setup
2008-03-28 13:50:56 0 d-------- C:\Documents and Settings\Admin\Application Data\Opera
2008-03-27 23:35:14 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-27 23:33:49 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-03-27 11:44:01 0 d-------- C:\Documents and Settings\Admin\Application Data\Macromedia
2008-03-26 21:50:17 0 d-------- C:\Program Files\File Shredder
2008-03-19 02:40:27 1845888 --a------ C:\WINDOWS\system32\win32k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-12 14:13:04 208896 --a------ C:\WINDOWS\system32\ConTest.dll <Not Verified; Ascentive; ConnectionTester>
2008-03-07 22:01:25 262 --a------ C:\Documents and Settings\Admin\Application Data\WinssCookie.txt
2008-03-07 21:29:10 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-07 20:20:46 0 -rahs---- C:\MSDOS.SYS
2008-03-07 20:20:46 0 -rahs---- C:\IO.SYS
2008-03-07 20:20:46 0 --a------ C:\CONFIG.SYS
2008-03-07 20:20:46 0 --a------ C:\AUTOEXEC.BAT
2008-03-07 20:18:06 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-07 12:11:52 62 --ahs---- C:\Documents and Settings\Admin\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [04/02/2008 04:12 PM 267592]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [07/13/2007 12:34 AM]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
"VistaDrive"="C:\WINDOWS\VistaDrive.exe" [10/11/2007 05:19 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 04:57 PM]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [04/21/2008 10:23 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [07/13/2007 12:34 AM]
"MSDisp32"="C:\WINDOWS\system32\drvzat.dll" [05/25/2008 06:08 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [05/16/2007 10:27 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 05:00 AM]
"SpeedswitchXP"="C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe" [07/14/2006 02:56 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [10/28/2005 12:23:10 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winemx32]
winemx32.dll 05/19/2008 05:45 PM 27648 C:\WINDOWS\system32\winemx32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register



-- End of Deckard's System Scanner: finished at 2008-05-26 00:50:56 ------------






Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 3600+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 3600+
Percentage of Memory in Use: 59%
Physical Memory (total/avail): 958.42 MiB / 387.26 MiB
Pagefile Memory (total/avail): 2874.34 MiB / 2350.2 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1913.11 MiB

C: is Fixed (NTFS) - 465.76 GiB total, 422.62 GiB free.
D: is CDROM (No Media)
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3500630AS - 465.76 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 465.76 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Windows Live OneCare Firewall v1.0.0 (Microsoft Corporation)
AV: Windows Live OneCare v1.0.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\FrostWire\\FrostWire.exe"="C:\\Program Files\\FrostWire\\FrostWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\WINDOWS\\system32\\winver.exe"="C:\\WINDOWS\\system32\\winver.exe:*:Enabled:winver"


-- Environment Variables -------------------------------------------------------

ALKY=C:\Program Files\Alky for Applications\Libraries\
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Admin\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PAL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Admin
LOGONSERVER=\\PAL
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Alky for Applications\Libraries\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Common Files\Ahead\Lib\;C:\Program Files\Common Files\Ahead\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6b01
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Admin\LOCALS~1\Temp
TMP=C:\DOCUME~1\Admin\LOCALS~1\Temp
USERDOMAIN=PAL
USERNAME=Admin
USERPROFILE=C:\Documents and Settings\Admin
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Admin (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Documents and Settings\Admin\Local Settings\Application Data\{8886169A-FE81-40A1-ABEC-74CE0C807E74}\setup_blazemp.exe
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat


-- Application Event Log -------------------------------------------------------

Event Record #/Type613 / Error
Event Submitted/Written: 05/25/2008 07:45:36 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application , version 0.0.0.0, faulting module shlwapi.dll, version 6.0.2900.3121, fault address 0x00010083.
Processing media-specific event for [!ws!]

Event Record #/Type612 / Error
Event Submitted/Written: 05/25/2008 07:44:35 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application winssnotify.exe, version 2.0.2500.30, faulting module shlwapi.dll, version 6.0.2900.3121, fault address 0x00007037.
Processing media-specific event for [winssnotify.exe!ws!]

Event Record #/Type603 / Error
Event Submitted/Written: 05/25/2008 07:35:35 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application aim.exe, version 5.9.6089.0, faulting module unknown, version 0.0.0.0, fault address 0x42c8b6ba.
Processing media-specific event for [aim.exe!ws!]

Event Record #/Type585 / Error
Event Submitted/Written: 05/25/2008 07:17:40 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application , version 0.0.0.0, faulting module shlwapi.dll, version 6.0.2900.3121, fault address 0x00010083.
Processing media-specific event for [!ws!]

Event Record #/Type584 / Error
Event Submitted/Written: 05/25/2008 07:17:37 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application winssnotify.exe, version 2.0.2500.30, faulting module shlwapi.dll, version 6.0.2900.3121, fault address 0x00007037.
Processing media-specific event for [winssnotify.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2881 / Error
Event Submitted/Written: 05/26/2008 00:34:13 AM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer MAIN
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{21E86E41-AB59-4368-B82C.
The master browser is stopping or an election is being forced.

Event Record #/Type2875 / Error
Event Submitted/Written: 05/26/2008 00:32:32 AM
Event ID/Source: 32003 / ipnathlp
Event Description:
The Network Address Translator (NAT) was unable to request an operation
of the kernel-mode translation module.
This may indicate misconfiguration, insufficient resources, or
an internal error.
The data is the error code.

Event Record #/Type2860 / Error
Event Submitted/Written: 05/26/2008 00:32:27 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The npkcrypt service failed to start due to the following error:
%%2

Event Record #/Type2853 / Error
Event Submitted/Written: 05/25/2008 11:34:12 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer MAIN
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{21E86E41-AB59-4368-B82C.
The master browser is stopping or an election is being forced.

Event Record #/Type2850 / Error
Event Submitted/Written: 05/25/2008 10:34:08 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer MAIN
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{21E86E41-AB59-4368-B82C.
The master browser is stopping or an election is being forced.



-- End of Deckard's System Scanner: finished at 2008-05-26 00:50:56 ------------


#2 suebaby41

    W.A.M. (Women Against Malware)

  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 25 June 2008 - 12:46 PM

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new HijackThis log. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41

    W.A.M. (Women Against Malware)

  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 03 July 2008 - 07:43 AM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



