
Trojans, Ie Popups


  • This topic is locked
2 replies to this topic

#1 AndresParra


  • Members
  • 5 posts

Posted 29 May 2008 - 02:07 PM

Frequent attempts to download trojans and my antivirus program catches it.
Trojan-lowzones and Trojan-vundo are frequent guests of my computer.
IE has ridiculous popups.

I attempted to attach the file which I believe is responsible - a "password generator" exe file; however, I do not have permission to upload an exe.

Deckard's System Scanner v20071014.68
Run by Vir Singh on 2008-05-29 14:56:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
70: 2008-05-29 18:56:39 UTC - RP70 - Deckard's System Scanner Restore Point
69: 2008-05-28 22:32:59 UTC - RP69 - SPTD setup V1.56
68: 2008-05-27 13:05:14 UTC - RP68 - Post-Dell Automated PC TuneUp
67: 2008-05-27 13:02:06 UTC - RP67 - Pre-Dell Automated PC TuneUp
66: 2008-05-26 22:21:47 UTC - RP66 - Last known good configuration


-- First Restore Point --
1: 2008-05-26 22:21:36 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Vir Singh.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:57:26 PM, on 5/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
c:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Sports Mogul\Baseball Mogul 2008\BB2K8.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\mstsc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Vir Singh\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Vir Singh.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogi...mp;ltmplcache=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: {d0992b17-0109-a988-68e4-edb87a707bf4} - {4fb707a7-8bde-4e86-889a-901071b2990d} - C:\WINDOWS\system32\hyhdnbxs.dll
O2 - BHO: (no name) - {522E0112-EDD9-413D-A99E-C311A54B6676} - C:\WINDOWS\system32\jkkICtsS.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8A347CEB-400F-4E62-AFE3-BBDE3A4F06B5} - C:\WINDOWS\system32\fccbbcYR.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.2] msime80.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] c:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [BM2b8211f4] Rundll32.exe "C:\WINDOWS\system32\nwpjnhra.dll",s
O4 - HKLM\..\Run: [28b12268] rundll32.exe "C:\WINDOWS\system32\marsjuey.dll",b
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsServer] msfir80.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5EF8C8D2-1C5D-4BDC-840A-0C8A6FC2FCB6}: NameServer = 68.87.64.146,68.87.75.194
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: jkkICtsS - C:\WINDOWS\SYSTEM32\jkkICtsS.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - c:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - c:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9177 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - shell\edit\command - %SystemRoot%\System32\NOTEPAD.EXE %1"
.ini - inifile - shell\open\command - %SystemRoot%\System32\NOTEPAD.EXE %1"
.pif - piffile - shell\open\command - "%1" %*"
.scr - scrfile - shell\open\command - unable to read value


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys
R2 Packet (Auto Internet Protocol) - c:\windows\system32\drivers\packet.sys
R3 DXEC02 - c:\windows\system32\drivers\dxec02.sys

S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe"
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe"
R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter

S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe"
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe"


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-28 13:47:48 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-29 and 2008-05-29 -----------------------------

2008-05-29 14:57:16 0 d-------- C:\Program Files\Trend Micro
2008-05-28 23:14:50 133632 --a------ C:\WINDOWS\system32\hyhdnbxs.dll
2008-05-28 23:11:50 116224 --a------ C:\WINDOWS\system32\marsjuey.dll
2008-05-28 23:05:50 126464 --a------ C:\WINDOWS\system32\nwpjnhra.dll
2008-05-28 20:02:17 0 d-------- C:\Documents and Settings\All Users\Application Data\{B9DFDEF4-3471-4379-BDBB-DEDA8A9809DF}
2008-05-28 20:00:28 0 d-------- C:\Program Files\Sports Mogul
2008-05-28 18:52:06 0 d-------- C:\Documents and Settings\Vir Singh\Application Data\Sports Interactive
2008-05-28 18:49:53 0 dr-h----- C:\Documents and Settings\Vir Singh\Application Data\SecuROM
2008-05-28 18:46:56 0 d--h----- C:\Program Files\Zero G Registry
2008-05-28 18:46:56 0 d-------- C:\Program Files\Sports Interactive
2008-05-28 18:46:19 0 d--h----- C:\Documents and Settings\Vir Singh\InstallAnywhere
2008-05-28 18:40:38 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-05-28 18:33:02 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-28 18:32:51 0 d-------- C:\Documents and Settings\Vir Singh\Application Data\DAEMON Tools
2008-05-28 15:36:54 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-28 15:36:49 0 d-------- C:\Documents and Settings\Vir Singh\Application Data\skypePM
2008-05-28 15:35:33 0 d-------- C:\Documents and Settings\Vir Singh\Application Data\Skype
2008-05-28 15:34:04 0 d-------- C:\Program Files\Skype
2008-05-28 15:34:03 0 d-------- C:\Program Files\Common Files\Skype
2008-05-28 15:33:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-05-27 23:09:22 116224 -----n--- C:\WINDOWS\system32\keusmblp.dll
2008-05-27 23:06:23 126976 --a------ C:\WINDOWS\system32\vqeoomsa.dll
2008-05-26 23:11:49 134144 --a------ C:\WINDOWS\system32\ogkhyxyw.dll
2008-05-26 23:03:32 124928 --a------ C:\WINDOWS\system32\jnbhssxn.dll
2008-05-26 18:35:06 134144 --a------ C:\WINDOWS\system32\cbxuhsxs.dll
2008-05-26 18:22:19 124928 --a------ C:\WINDOWS\system32\xdoycflk.dll
2008-05-26 15:34:01 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-05-26 15:34:01 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-05-26 15:13:26 124928 --a------ C:\WINDOWS\system32\pngvvfds.dll
2008-05-25 15:13:00 136704 --a------ C:\WINDOWS\system32\rsoxoupv.dll
2008-05-25 15:12:29 125440 --a------ C:\WINDOWS\system32\yholelyp.dll
2008-05-24 20:25:51 0 d-------- C:\Documents and Settings\Vir Singh\Application Data\Roxio
2008-05-24 15:28:33 0 --a------ C:\WINDOWS\system32\mglofuox.dll
2008-05-24 15:22:33 136192 --a------ C:\WINDOWS\system32\prmoxumf.dll
2008-05-24 15:19:33 0 --a------ C:\WINDOWS\system32\wbdscctp.exe
2008-05-24 14:10:27 125952 --a------ C:\WINDOWS\system32\lymvtyoi.dll
2008-05-23 16:13:08 0 d-------- C:\spoolerlogs
2008-05-23 08:32:37 136192 --a------ C:\WINDOWS\system32\mibcraiw.dll
2008-05-23 08:26:37 0 --a------ C:\WINDOWS\system32\vmstnaca.exe
2008-05-23 08:23:37 125952 --a------ C:\WINDOWS\system32\awsaaktw.dll
2008-05-22 08:28:34 135680 --a------ C:\WINDOWS\system32\ykalnfhv.dll
2008-05-22 08:25:34 0 --a------ C:\WINDOWS\system32\jxgtfumr.exe
2008-05-22 08:22:54 126976 --a------ C:\WINDOWS\system32\xsnqhvtq.dll
2008-05-21 07:50:11 0 --a------ C:\WINDOWS\system32\rgasppvd.exe
2008-05-21 07:47:11 0 --a------ C:\WINDOWS\system32\umuomfjp.dll
2008-05-21 07:41:11 0 --a------ C:\WINDOWS\system32\vgomathx.dll
2008-05-20 07:46:40 0 --a------ C:\WINDOWS\system32\troimcse.dll
2008-05-20 07:43:37 0 --a------ C:\WINDOWS\system32\ooxudeuc.exe
2008-05-20 07:40:39 0 --a------ C:\WINDOWS\system32\oopqocja.dll
2008-05-19 22:41:12 0 d-------- C:\Program Files\Lavasoft
2008-05-19 22:41:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-19 07:33:00 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-18 19:27:31 804015 --ahs---- C:\WINDOWS\system32\RYcbbccf.ini2
2008-05-18 19:27:24 371200 --a------ C:\WINDOWS\system32\fccbbcYR.dll
2008-05-18 08:14:32 58880 --a------ C:\WINDOWS\system32\jkkICtsS.dll
2008-05-17 20:45:21 0 d-------- C:\Documents and Settings\Vir Singh\Application Data\LimeWire
2008-05-17 20:44:53 0 d-------- C:\Program Files\LimeWire
2008-05-17 17:47:56 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2008-05-17 17:47:56 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2008-05-17 17:47:56 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2008-05-17 17:47:20 16967 --a------ C:\WINDOWS\DIIUnin.dat
2008-05-17 17:47:17 2829 --a------ C:\WINDOWS\DIIUnin.pif
2008-05-17 17:47:16 94208 --a------ C:\WINDOWS\DIIUnin.exe
2008-05-17 17:39:23 0 d-------- C:\Program Files\Diablo II
2008-05-13 14:34:21 0 d-------- C:\Documents and Settings\Vir Singh\Application Data\WinRAR
2008-05-12 20:13:16 0 d-------- C:\Program Files\TVAnts
2008-05-10 02:45:59 0 d-------- C:\Documents and Settings\Vir Singh\Application Data\goombah
2008-05-05 00:52:20 0 d-------- C:\Documents and Settings\Vir Singh\Application Data\OpenOffice.org2
2008-05-05 00:50:42 0 d-------- C:\Program Files\OpenOffice.org 2.4


-- Find3M Report ---------------------------------------------------------------

2008-05-28 20:10:04 0 d-------- C:\Documents and Settings\Vir Singh\Application Data\uTorrent
2008-05-28 18:38:59 0 d-------- C:\Program Files\Symantec AntiVirus
2008-05-28 15:34:03 0 d-------- C:\Program Files\Common Files
2008-05-21 00:17:09 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-20 21:20:53 0 d-------- C:\Documents and Settings\Vir Singh\Application Data\Ruckus Network
2008-05-18 05:30:52 0 d-------- C:\Documents and Settings\Vir Singh\Application Data\Apple Computer
2008-05-05 00:50:26 0 d-------- C:\Program Files\Java
2008-05-04 01:54:18 0 d-------- C:\Documents and Settings\Vir Singh\Application Data\Move Networks
2008-04-26 13:39:49 0 d-------- C:\Documents and Settings\Vir Singh\Application Data\Template
2008-04-26 13:39:17 0 --a------ C:\Documents and Settings\Vir Singh\Application Data\wklnhst.dat
2008-04-22 11:54:14 0 d-------- C:\Documents and Settings\Vir Singh\Application Data\DivX
2008-04-20 20:45:36 0 d-------- C:\Program Files\DivX
2008-04-19 20:02:38 0 d-------- C:\Program Files\iTunes
2008-04-19 20:02:14 0 d-------- C:\Program Files\iPod
2008-04-19 20:00:37 0 d-------- C:\Program Files\QuickTime
2008-04-19 19:56:25 0 d-------- C:\Program Files\Apple Software Update
2008-04-19 01:05:50 0 d-------- C:\Program Files\Ruckus Player
2008-04-19 00:55:32 0 d-------- C:\Program Files\Emergent Music LLC
2008-04-12 17:18:35 1160 --a------ C:\WINDOWS\mozver.dat
2008-04-12 17:05:59 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-12 17:05:56 0 d-------- C:\Documents and Settings\Vir Singh\Application Data\Mozilla
2008-04-04 19:44:13 0 d-------- C:\Program Files\Symantec
2008-04-02 00:23:08 0 d-------- C:\Program Files\uTorrent
2008-04-02 00:12:35 0 d-------- C:\Documents and Settings\Vir Singh\Application Data\Sun
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 17:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 17:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 17:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll
2008-03-30 14:10:47 0 d-------- C:\Program Files\Dell Support Center
2008-03-30 14:10:42 0 d-------- C:\Program Files\Common Files\supportsoft
2008-03-30 14:05:08 0 d--h----- C:\Documents and Settings\Vir Singh\Application Data\GTek
2008-03-29 17:02:18 0 d-------- C:\Program Files\Alfa & Ariss
2008-03-29 00:08:23 0 d-------- C:\Program Files\Bonjour
2008-03-29 00:07:19 0 d-------- C:\Program Files\Common Files\Apple
2008-03-21 16:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 16:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2008-03-21 16:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-03-21 16:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4fb707a7-8bde-4e86-889a-901071b2990d}]
05/28/2008 11:14 PM 133632 --a------ C:\WINDOWS\system32\hyhdnbxs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{522E0112-EDD9-413D-A99E-C311A54B6676}]
05/18/2008 08:14 AM 58880 --a------ C:\WINDOWS\system32\jkkICtsS.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8A347CEB-400F-4E62-AFE3-BBDE3A4F06B5}]
05/18/2008 07:27 PM 371200 --a------ C:\WINDOWS\system32\fccbbcYR.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/03/2007 04:20 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [06/06/2007 05:30 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [06/06/2007 05:30 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [06/06/2007 05:30 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [05/09/2007 04:59 PM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [05/14/2007 03:23 PM]
"SigmatelSysTrayApp"="stsystra.exe" [06/06/2007 05:28 PM C:\WINDOWS\stsystra.exe]
"KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [11/02/2006 03:05 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 05:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 05:50 PM]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [08/17/2006 10:00 AM]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [11/01/2007 04:39 PM]
"IMJPMIG8.2"="msime80.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03/07/2006 02:02 PM]
"vptray"="c:\PROGRA~1\SYMANT~1\VPTray.exe" [05/26/2006 09:01 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/29/2008 12:37 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 11:36 AM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM]
"BM2b8211f4"="C:\WINDOWS\system32\nwpjnhra.dll" [05/28/2008 11:05 PM]
"28b12268"="C:\WINDOWS\system32\marsjuey.dll" [05/28/2008 11:11 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 01:09 PM]
"MsServer"="msfir80.exe" []
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [04/23/2008 05:45 PM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [04/01/2008 05:39 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Dell Network Assistant.lnk - C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [3/28/2008 6:30:01 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [3/28/2008 6:24:29 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{522E0112-EDD9-413D-A99E-C311A54B6676}"= C:\WINDOWS\system32\jkkICtsS.dll [05/18/2008 08:14 AM 58880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkICtsS]
jkkICtsS.dll 05/18/2008 08:14 AM 58880 C:\WINDOWS\system32\jkkICtsS.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\fccbbcYR

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{182251cd-2d07-11dd-b541-001d60bf173b}]
AutoRun\command- F:\BB2K8-Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{555c15fc-fe8a-11dc-b525-001d60bf173b}]
Auto\command- E:\sal.xls.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7883e27-fd16-11dc-b521-001d60bf173b}]
Auto\command- E:\sal.xls.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe

*Newly Created Service* - SPTD
*Newly Created Service* - UDFS



-- End of Deckard's System Scanner: finished at 2008-05-29 14:59:09 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU T5270 @ 1.40GHz
CPU 1: Intel® Core™2 Duo CPU T5270 @ 1.40GHz
Percentage of Memory in Use: 41%
Physical Memory (total/avail): 2038.11 MiB / 1191.26 MiB
Pagefile Memory (total/avail): 3929.91 MiB / 3081.18 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1920.8 MiB

C: is Fixed (NTFS) - 146.51 GiB total, 99.03 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - FUJITSU MHY2160BH - 149.05 GiB - 3 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 146.51 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 2.5 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Symantec AntiVirus Corporate Edition v10.1.0.396 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"="C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Ruckus Player\\Ruckus.exe"="C:\\Program Files\\Ruckus Player\\Ruckus.exe:*:Enabled:Ruckus"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\eclipse\\eclipse.exe"="C:\\eclipse\\eclipse.exe:*:Enabled:eclipse"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"="C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe:*:Enabled:Dell Network Assistant"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Vir Singh\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=D1VJK3F1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Vir Singh
LOGONSERVER=\\D1VJK3F1
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\VIRSIN~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\VIRSIN~1\LOCALS~1\Temp
USERDOMAIN=D1VJK3F1
USERNAME=Vir Singh
USERPROFILE=C:\Documents and Settings\Vir Singh
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Vir Singh (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\RUCKUS~1\UNWISE.EXE /a C:\PROGRA~1\RUCKUS~1\INSTALL.LOG
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
32 Bit HP BiDi Channel Components Installer --> MsiExec.exe /I{9DE3F260-B88E-42CE-90E7-73C78C37D95E}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Baseball Mogul 2008 --> "C:\Documents and Settings\All Users\Application Data\{B9DFDEF4-3471-4379-BDBB-DEDA8A9809DF}\BB2K8-Setup.exe" REMOVE=TRUE MODIFY=FALSE
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom Management Programs --> MsiExec.exe /I{C99C0593-3B48-41D9-B42F-6E035B320449}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D330 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\UIU32m.exe -U -Idel000f5.INF
Dell DataSafe Online --> MsiExec.exe /I{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}
Dell Network Assistant --> MsiExec.exe /I{0240BDFB-2995-4A3F-8C96-18D41282B716}
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Football Manager 2008 --> "C:\Program Files\Sports Interactive\Football Manager 2008\Uninstall_Football Manager 2008\Uninstall Football Manager 2008.exe"
Goombah Partner COM Server --> MsiExec.exe /I{EBBE2FB2-FBED-44F6-B95F-230AB5A65B28}
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Intel® Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
IntelliSonic Speech Enhancement --> MsiExec.exe /X{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LimeWire 4.16.7 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
MediaDirect --> C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Vir Singh\Application Data\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
OpenOffice.org 2.4 --> MsiExec.exe /I{F87A8E11-02A4-4875-A3A5-5961081B0E4E}
OutlookAddinSetup --> MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
QuickSet --> C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc --> MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Ruckus Player --> C:\PROGRA~1\RUCKUS~1\UNWISE.EXE C:\PROGRA~1\RUCKUS~1\INSTALL.LOG
SAS System 9.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD3C4A64-E7DC-11D4-AC4A-00C04F3876CD}\setup.exe" -l0x9 uninstall
SecureW2 Client 3.1.2 --> C:\Program Files\Alfa & Ariss\SecureW2 Client 3.1.2\Uninstall.exe
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Symantec AntiVirus --> MsiExec.exe /I{A011A1DC-7F1D-4EA8-BD11-0C5F9718E428}
TVAnts 1.0 --> C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1402 / Error
Event Submitted/Written: 05/29/2008 02:58:57 PM
Event ID/Source: 46 / Symantec AntiVirus
Event Description:
Security Risk Found!Risk: Trojan.Vundo in File: C:\WINDOWS\system32\oopqocja.dll by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Event Record #/Type1401 / Error
Event Submitted/Written: 05/29/2008 02:58:32 PM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!Risk: Trojan.Vundo in File: C:\WINDOWS\system32\mglofuox.dll by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Event Record #/Type1400 / Error
Event Submitted/Written: 05/29/2008 02:58:11 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Risk Found!Risk: Trojan.Vundo in File: C:\WINDOWS\system32\mglofuox.dll by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Event Record #/Type1399 / Error
Event Submitted/Written: 05/29/2008 02:58:10 PM
Event ID/Source: 46 / Symantec AntiVirus
Event Description:
Security Risk Found!Risk: Trojan.Vundo in File: C:\WINDOWS\system32\mglofuox.dll by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Event Record #/Type1398 / Error
Event Submitted/Written: 05/29/2008 02:57:49 PM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!Risk: Trojan.LowZones in File: C:\WINDOWS\system32\jxgtfumr.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type6411 / Warning
Event Submitted/Written: 05/29/2008 08:16:27 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type6405 / Error
Event Submitted/Written: 05/28/2008 07:54:00 PM
Event ID/Source: 4321 / NetBT
Event Description:
The name "VAIO :0" could not be registered on the Interface with IP address 192.168.1.109.
The machine with the IP address 192.168.1.9 did not allow the name to be claimed by
this machine.

Event Record #/Type6404 / Error
Event Submitted/Written: 05/28/2008 07:39:10 PM
Event ID/Source: 4321 / NetBT
Event Description:
The name "VAIO :0" could not be registered on the Interface with IP address 192.168.1.109.
The machine with the IP address 192.168.1.9 did not allow the name to be claimed by
this machine.

Event Record #/Type6403 / Warning
Event Submitted/Written: 05/28/2008 07:25:08 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type6402 / Error
Event Submitted/Written: 05/28/2008 07:24:19 PM
Event ID/Source: 4321 / NetBT
Event Description:
The name "VAIO :0" could not be registered on the Interface with IP address 192.168.1.109.
The machine with the IP address 192.168.1.9 did not allow the name to be claimed by
this machine.



-- End of Deckard's System Scanner: finished at 2008-05-29 14:59:09 ------------
Was previously receiving assistance here and wasn't completed: http://www.bleepingcomputer.com/forums/t/143055/popups-taskbar-at-bottom-right-does-not-work/ Rootkit was involved. ~ OB

Edited by Orange Blossom, 29 May 2008 - 07:48 PM.
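The Application Event Log section of the scan above is the most useful part of the post for anyone triaging it: Symantec reports the same file, C:\WINDOWS\system32\mglofuox.dll, "Cleaned by Deletion" three times within about twenty seconds, and every flagged file is an eight-letter random name dropped straight into system32. That pattern (a loader still running and re-dropping its payload faster than the AV deletes it) is why on-access cleaning alone never resolved this case. The script below is an added example, not part of the original post and not part of Deckard's System Scanner; it parses DSS-style event records, pulls out the Symantec detections, and flags re-dropped files, random-named system32 binaries, and the Tcpip 4226 half-open connection warning. The sample log is copied from the scan above; the random-name heuristic and the field names are this example's own assumptions.

```python
import re
from collections import Counter

# Constructed sample: the Symantec AntiVirus entries and the Tcpip warning
# copied from the Deckard's System Scanner log posted above, in the format
# DSS uses when it dumps the Windows Application and System event logs.
SAMPLE_LOG = r"""
Event Record #/Type1402 / Error
Event Submitted/Written: 05/29/2008 02:58:57 PM
Event ID/Source: 46 / Symantec AntiVirus
Event Description:
Security Risk Found!Risk: Trojan.Vundo in File: C:\WINDOWS\system32\oopqocja.dll by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Event Record #/Type1401 / Error
Event Submitted/Written: 05/29/2008 02:58:32 PM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!Risk: Trojan.Vundo in File: C:\WINDOWS\system32\mglofuox.dll by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Event Record #/Type1400 / Error
Event Submitted/Written: 05/29/2008 02:58:11 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Risk Found!Risk: Trojan.Vundo in File: C:\WINDOWS\system32\mglofuox.dll by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Event Record #/Type1399 / Error
Event Submitted/Written: 05/29/2008 02:58:10 PM
Event ID/Source: 46 / Symantec AntiVirus
Event Description:
Security Risk Found!Risk: Trojan.Vundo in File: C:\WINDOWS\system32\mglofuox.dll by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Event Record #/Type1398 / Error
Event Submitted/Written: 05/29/2008 02:57:49 PM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!Risk: Trojan.LowZones in File: C:\WINDOWS\system32\jxgtfumr.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Event Record #/Type6403 / Warning
Event Submitted/Written: 05/28/2008 07:25:08 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
"""

HEADER_RE = re.compile(r"Event Record #/Type(\d+) / (\w+)")
TIME_RE = re.compile(r"Event Submitted/Written: (.+)")
SOURCE_RE = re.compile(r"Event ID/Source: (\d+) / (.+)")
# Symantec AntiVirus "Risk Found" description, as written in the log above.
RISK_RE = re.compile(
    r"Risk: (?P<risk>\S+) in File: (?P<path>.+?) by: (?P<scanner>.+?)\. Action: (?P<action>.+?)\."
)
# Assumed heuristic: eight lowercase letters plus .dll/.exe, the naming
# style of the three files Symantec flagged in this scan.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.(dll|exe)$")


def parse_events(text):
    """Split a DSS event-log dump into one dict per event record."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.strip().splitlines()
        m = HEADER_RE.match(lines[0])
        if not m:
            continue
        ev = {"record": int(m.group(1)), "level": m.group(2), "description": ""}
        for i, line in enumerate(lines[1:], 1):
            if (t := TIME_RE.match(line)):
                ev["time"] = t.group(1).strip()
            elif (s := SOURCE_RE.match(line)):
                ev["event_id"], ev["source"] = int(s.group(1)), s.group(2).strip()
            elif line.startswith("Event Description:"):
                # Everything after the marker is the (possibly wrapped) description.
                ev["description"] = " ".join(l.strip() for l in lines[i + 1:])
                break
        events.append(ev)
    return events


def symantec_detections(events):
    """Extract risk name, file path, scanner and action from Symantec events."""
    found = []
    for ev in events:
        if ev.get("source") != "Symantec AntiVirus":
            continue
        m = RISK_RE.search(ev["description"])
        if m:
            found.append({"time": ev["time"], **m.groupdict()})
    return found


def looks_random_system32(path):
    """True for an eight-letter random-looking binary directly under system32."""
    folder, _, name = path.rpartition("\\")
    return folder.lower().endswith("\\windows\\system32") and bool(RANDOM_NAME_RE.match(name))


def triage(text):
    events = parse_events(text)
    dets = symantec_detections(events)
    per_path = Counter(d["path"] for d in dets)
    return {
        "detections": dets,
        "random_named": sorted({d["path"] for d in dets if looks_random_system32(d["path"])}),
        # The same file cleaned more than once means something still running
        # keeps re-dropping it: "Cleaned by Deletion" is not removing the infection.
        "redropped": {p: n for p, n in per_path.items() if n > 1},
        # Tcpip event 4226: the XP SP2 cap on concurrent half-open outbound
        # connections was hit; seen with P2P clients and with scanning malware.
        "half_open_limit_hit": any(
            e.get("source") == "Tcpip" and e.get("event_id") == 4226 for e in events
        ),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Run against the log above, the script reports mglofuox.dll as re-dropped three times, all three flagged files as random-named system32 binaries, and the 4226 warning as hit. Note that the box also has LimeWire and µTorrent in its uninstall list, so the 4226 event on its own is not evidence of malware; the repeated deletions are the stronger signal, and they point at a still-active loader rather than at the deleted files themselves.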




#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 04 June 2008 - 01:56 AM

Hello AndresParra, my name is fenzodahl512 and welcome to Bleeping Computer..

If you still need our help, please post a fresh Deckard System Scanner log for further review..

Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 16 June 2008 - 08:23 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic

