
Can't Stop Systemerrorfixer And Can't Turn On Windows Auto Update



#1 LogicCK


Posted 29 May 2008 - 07:26 PM

Hello, I've gone through the Preparation guide and I believe I've followed all the rules, here's my problem:

Running XP Home, Windows Firewall enabled

1) Been getting lots of SystemErrorFixer pop ups and to a lesser extent AntiSpywareMaster pop ups.
2) I also notice that when clicking on folders in an external hard drive, just by opening them, Windows Explorer will crash and display the error msg about how it had to close. These folders haven't had anything new installed in them and just contain old video files.
3) Can't turn on Windows Automatic Update, tried going through usual routes such as services.msc and starting it, enabling hardware profile, etc. as recommended in Microsoft support sites and others. Gives the error 1048 (I believe that's the one?) and says it can't be turned on no matter what I try.

Running PC-Cillin 2008 with auto updates still working fine, did scans and clean attempts with that as well as Avira, Ewido (online free version), and SUPERAntiSpyWare. But problems still persist. I look forward to your help and thank you in advance for this great service, below are my DSS and Kaspersky logs:

Deckard's System Scanner v20071014.68
Run by Douglas on 2008-05-29 20:05:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; unknown error code 0x00000001


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).
System Drive C: has 0.69 GiB (less than 15%) free.


-- HijackThis (run as Douglas.exe) ---------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-29 20:12:19
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\snmp.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SYSTEM32\ctfmon.exe
C:\WINDOWS\SYSTEM32\UAService7.exe
C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\SYSTEM32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Douglas\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ce.uwo.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: {4ad5f1c0-b2c1-3fcb-e2d4-60c003f1d661} - {166d1f30-0c06-4d2e-bcf3-1c2b0c1f5da4} - C:\WINDOWS\SYSTEM32\gbtvncyd.dll
O2 - BHO: (no name) - {4C8C42DF-F287-4561-9016-DB93FE8B7A90} - C:\WINDOWS\SYSTEM32\byXOFutu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [pccguide.exe] C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BMff68e3c5] Rundll32.exe "C:\WINDOWS\system32\ixapnpai.dll",s
O4 - HKLM\..\Run: [fc5bd059] rundll32.exe "C:\WINDOWS\system32\vdwvjbwn.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.shoutwire.com (HKCU)
O15 - Trusted Zone: *.torrentspy.com (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1192846265656
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\SYSTEM32\LEXBCES.EXE
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\tmproxy.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\SYSTEM32\UAService7.exe


--
End of file - 8859 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\Douglas\Desktop\WELLNE~1\HIJACK~1\backups\) --------------------------------------------------------------------------------

backup-20020101-020734-447 O4 - HKLM\..\RunServices: [wlog.exe] wlog.exe
backup-20020101-020827-312 O23 - Service: Java Virtual Machine Service (servicejava) - Unknown owner - c:\program files\jre1.5.0.a\JavaRun.exe" -s "c:\program files\jre1.5.0.a\conf\wrapper-slave.conf (file missing)
backup-20020101-020841-493 O23 - Service: Java Virtual Machine Service (servicejava) - Unknown owner - c:\program files\jre1.5.0.a\JavaRun.exe" -s "c:\program files\jre1.5.0.a\conf\wrapper-slave.conf (file missing)
backup-20060918-085727-954 O2 - BHO: (no name) - {669751ED-D558-49AE-B01A-3B374CC7910E} - C:\WINDOWS\system32\ssup.dll
backup-20060918-085728-345 O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - F:\PROGRA~1\KuGoo2\KUGOO3~1.OCX
backup-20060918-085731-340 O4 - Startup: ????QQ.lnk
backup-20060918-085731-801 O3 - Toolbar: ?eé??ìò?(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll
backup-20060918-085731-892 O4 - Startup: ?eé?′ê°? 2005.lnk
backup-20060918-085732-324 O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\QQ\QQ.exe
backup-20060918-212958-221 R3 - URLSearchHook: VeryCD Search Class - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
backup-20060918-212959-144 O2 - BHO: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\SYSTEM32\stdup.dll (file missing)
backup-20060918-212959-445 O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
backup-20060918-213000-174 O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
backup-20060918-213001-122 O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
backup-20060918-213001-566 O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
backup-20060918-213001-672 O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
backup-20060918-213001-696 O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
backup-20060918-213002-426 O4 - HKLM\..\Run: [cesmain.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\Ces\cmail.dll,Rundll32
backup-20060918-213002-626 O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
backup-20060918-213002-750 O9 - Extra button: 免费精彩视频超流畅在线观看 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
backup-20060918-213002-809 O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
backup-20060918-213005-619 O9 - Extra button: Yahoo 3.5G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?sourc...p;btn=yahoomail (file missing)
backup-20060918-213006-500 O9 - Extra button: 3721中文邮 - {5D73EE86-05F1-49ed-B850-E423120EC329} - http://cmail.3721.com?fb=client (file missing)
backup-20060918-213006-760 O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?sourc...&btn=taobao (file missing)
backup-20060918-213007-282 O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?sourc...amp;btn=yassist (file missing)
backup-20060918-213008-947 O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
backup-20060918-213009-500 O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/...nger.yahoo.com/ (file missing)
backup-20060918-213009-508 O9 - Extra 'Tools' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
backup-20060918-213010-587 O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?sourc...&btn=repair (file missing)
backup-20060918-213011-294 O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?sourc...&btn=repair (file missing)
backup-20060918-213011-830 O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?sourc...s&btn=clean (file missing)
backup-20060918-213012-944 O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?sourc...s&btn=clean (file missing)
backup-20060918-213101-549 F3 - REG:win.ini: load=C:\WINDOWS\rundl132.exe
backup-20061102-111305-272 O4 - HKLM\..\RunServices: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
backup-20061102-111305-555 O4 - HKLM\..\Run: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
backup-20061102-111305-605 O4 - HKCU\..\Run: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
backup-20061102-111305-768 O2 - BHO: (no name) - AutorunsDisabled - (no file)
backup-20070220-134255-597 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070220-134259-130 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070226-154549-921 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
backup-20070226-154550-975 O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINDOWS\aim.exe (file missing)
backup-20070226-154551-107 O23 - Service: Indexing Service (cisvc) - Unknown owner - C:\WINDOWS\System32\cisvc.exe (file missing)
backup-20070416-142928-955 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
backup-20070416-142938-309 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
backup-20080524-122407-523 O15 - Trusted Zone: *.whataboutadog.com
backup-20080524-122407-606 O15 - Trusted Zone: *.doginhispen.com

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - "regedit.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 stwlfbus - c:\windows\system32\drivers\stwlfbus.sys
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 st3wolf - c:\windows\system32\drivers\st3wolf.sys

S1 Cdr4_2K - c:\windows\system32\drivers\cdr4_2k.sys <Not Verified; Adaptec; Adaptec's CD-R Helper Drivers>
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 SABProcEnum - c:\program files\mozilla firefox\sabprocenum.sys (file missing)
S3 sony_ssm.sys - c:\docume~1\matt\locals~1\temp\sony_ssm.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 UserAccess7 (SecuROM User Access Service (V7)) - c:\windows\system32\uaservice7.exe <Not Verified; Sony DADC Austria AG.; >


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-28 13:09:20 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-29 and 2008-05-29 -----------------------------

2008-05-29 18:44:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-29 18:43:56 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-29 18:43:54 0 d-------- C:\WINDOWS\LastGood
2008-05-29 17:36:14 116224 --a------ C:\WINDOWS\system32\vdwvjbwn.dll
2008-05-29 17:30:56 132608 --a------ C:\WINDOWS\system32\gbtvncyd.dll
2008-05-28 12:48:14 133120 --a------ C:\WINDOWS\system32\xymmynhj.dll
2008-05-28 12:43:47 116736 -----n--- C:\WINDOWS\system32\sdtppiwm.dll
2008-05-28 11:13:16 0 d-------- C:\WINDOWS\system32\SuperAdBlocker.com
2008-05-27 14:34:30 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-27 14:33:37 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-27 14:33:33 0 d-------- C:\Documents and Settings\Douglas\Application Data\SUPERAntiSpyware.com
2008-05-27 14:27:19 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-27 12:51:31 10752 --a------ C:\WINDOWS\DCEBoot.exe
2008-05-27 12:35:03 115712 --a------ C:\WINDOWS\system32\prrewqvu.dll
2008-05-26 17:51:27 2560 --a------ C:\WINDOWS\system32\waxtjjkx.exe
2008-05-26 17:42:22 496572 --ahs---- C:\WINDOWS\system32\PrXxwyay.ini2
2008-05-26 16:31:17 0 d-------- C:\Program Files\Avira
2008-05-26 16:31:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-25 00:43:41 115200 --a------ C:\WINDOWS\system32\iugbfsix.dll
2008-05-24 15:52:34 115200 --a------ C:\WINDOWS\system32\klsfkkmi.dll
2008-05-24 15:43:33 547976 --ahs---- C:\WINDOWS\system32\OUCedfii.ini2
2008-05-23 00:46:18 2560 --a------ C:\WINDOWS\system32\dtrpjtxf.exe
2008-05-23 00:43:18 134144 --a------ C:\WINDOWS\system32\hbkagbgg.dll
2008-05-22 17:35:02 761 --ahs---- C:\WINDOWS\system32\YcedNXyb.ini2
2008-05-22 12:33:47 530099 --ahs---- C:\WINDOWS\system32\utuFOXyb.ini2
2008-05-22 12:33:34 371712 -----n--- C:\WINDOWS\system32\byXOFutu.dll
2008-05-22 12:29:16 0 d-------- C:\WINDOWS\RegCure
2008-05-11 17:19:38 0 d-------- C:\Program Files\Audacity
2008-05-11 15:47:23 0 d-------- C:\Program Files\Native Instruments
2008-05-03 16:34:23 0 d-------- C:\Documents and Settings\Douglas\Application Data\AVSMedia
2008-05-03 16:34:21 0 d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-05-02 16:15:28 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-05-02 16:14:58 139264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-05-02 16:14:57 413760 --a------ C:\WINDOWS\system32\mpg4c32.dll <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec>
2008-05-02 16:14:57 261632 --a------ C:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>
2008-05-02 11:26:00 62030599 --a------ C:\AVSVideoTools.exe
2008-05-02 11:14:38 703006 --a------ C:\OVideoConverter.exe <Not Verified; DigitByte Studio; >
2008-04-30 19:04:09 0 d-------- C:\Program Files\Mp3 My Mp3 2.0
2008-04-30 19:01:03 6059008 --a------ C:\mp3mymp3install2.exe


-- Find3M Report ---------------------------------------------------------------

2008-05-28 11:13:23 7566 --a----c- C:\WINDOWS\mozver.dat
2008-05-27 14:27:19 0 d-a------ C:\Program Files\Common Files
2008-05-22 12:51:10 0 d-------- C:\Program Files\Online Services
2008-05-22 12:25:52 0 d-------- C:\Program Files\Soulseek
2008-05-22 10:06:47 0 d-------- C:\Program Files\DivX
2008-05-13 15:14:12 0 d-------- C:\Program Files\Windows Live Safety Center
2008-04-30 18:48:51 0 d-------- C:\Program Files\Focus MP3 Recorder Pro
2008-04-21 12:22:29 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-20 19:34:07 0 d-------- C:\Program Files\LimeWire
2008-04-20 03:22:30 0 d-------- C:\Program Files\tagtraum industries
2008-04-20 03:14:40 10096676 --a------ C:\beaTunes-1-2-9-win.exe
2008-04-20 02:58:34 0 d-------- C:\Program Files\Java
2008-04-20 02:22:17 0 d-------- C:\Program Files\iTunes
2008-04-20 00:31:43 15 --a------ C:\WINDOWS\64B2-CCF3-14E6-C679.dat
2008-04-13 04:12:25 0 d-------- C:\Program Files\BitComet
2008-04-09 23:46:09 942780 --a------ C:\slsk156(2).exe
2008-04-09 23:38:15 976836 --a------ C:\slsk157test12c.exe
2008-04-05 21:37:49 931505 --a------ C:\slsk156b(2).exe
2008-04-05 21:02:25 842672 --a------ C:\slsk156c(2).exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{166d1f30-0c06-4d2e-bcf3-1c2b0c1f5da4}]
29/05/2008 05:30 PM 132608 --a------ C:\WINDOWS\system32\gbtvncyd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C8C42DF-F287-4561-9016-DB93FE8B7A90}]
22/05/2008 12:33 PM 371712 --------- C:\WINDOWS\system32\byXOFutu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pccguide.exe"="C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe" [29/12/2006 02:52 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/12/2007 01:10 PM]
"BMff68e3c5"="C:\WINDOWS\system32\ixapnpai.dll" []
"fc5bd059"="C:\WINDOWS\system32\vdwvjbwn.dll" [29/05/2008 05:36 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 03:56 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [13/05/2008 12:43 PM]

C:\Documents and Settings\Douglas\Start Menu\Programs\Startup\
DESKTOP.INI [03/09/2002 10:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [03/09/2002 10:00:00 AM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [24/08/2004 4:28:42 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\byXOFutu

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1cdf2d3c-383e-11d9-b7a4-00038a000015}]




-- End of Deckard's System Scanner: finished at 2008-05-29 20:14:45 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 73%
Physical Memory (total/avail): 510 MiB / 136.8 MiB
Pagefile Memory (total/avail): 1478.99 MiB / 891.18 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1922.77 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 145.47 GiB total, 0.69 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Fixed (FAT32) - 3.81 GiB total, 0.16 GiB free.
H: is Fixed (FAT32) - 298.02 GiB total, 139.1 GiB free.

\\.\PHYSICALDRIVE0 - Maxtor 6Y160P0 - 149.01 GiB - 3 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 145.47 GiB - C:
\PARTITION2 - Unknown - 3.5 GiB

\\.\PHYSICALDRIVE2 - CORNICE Inc. Storage Ele USB Device - 3.81 GiB - 1 partition
\PARTITION0 - Unknown - 3.81 GiB - G:

\\.\PHYSICALDRIVE1 - WDC WD32 00AAJS-00VWA0 USB Device - 298.09 GiB - 1 partition
\PARTITION0 - Unknown - 298.09 GiB - H:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntivirusOverride is set.

FW: Trend Micro PC-cillin Internet Security (Firewall) v15 (Trend Micro, Inc.) Disabled
AV: Trend Micro PC-cillin Internet Security 2007 v15.30.1132 (Trend Micro, Inc.) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:礣orrent"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Douglas\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DOUG
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Douglas
LOGONSERVER=\\DOUG
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\PROGRA~1\COMMON~1\SONICS~1\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Douglas\LOCALS~1\Temp
TMP=C:\DOCUME~1\Douglas\LOCALS~1\Temp
USERDOMAIN=DOUG
USERNAME=Douglas
USERPROFILE=C:\Documents and Settings\Douglas
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Douglas (admin)
Matt (admin)
Andrew (admin)
Dad
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S /R
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3ivx D4 4.5.1 (remove only) --> "C:\Program Files\3ivx\3ivx D4 4.5.1\uninstall.exe"
7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
BitComet 0.91 --> C:\Program Files\BitComet\uninst.exe
BitTorrent 3.4.2 --> "C:\Program Files\BitTorrent\uninstall.exe"
Broadcom Management Programs --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{89EE857B-8970-4F9F-AB58-A1C873AC72B3} /l1033
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CDisplay 1.8 --> "C:\Program Files\CDisplay\unins000.exe"
Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
CorrectPhoto 2.0 --> MsiExec.exe /X{EB2E3E04-543F-4265-8F77-4C3960F0A66E}
DAEMON Tools --> MsiExec.exe /I{7A27AE24-F5B8-4ABC-B3DA-AB57BC7309FB}
Deckadance --> C:\Program Files\VstPlugins\Deckadance\uninstall.exe
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Photo Printer 720 --> C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBCUN5C.EXE -dDell Photo Printer 720
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Solution --> "C:\Program Files\Uninstall_CDS.exe"
DVDXCopy Xpress 3.0.1 --> "C:\Program Files\Xpress\uninstall.exe"
Europa Barbarorum 0.81a v2 --> MsiExec.exe /I{6AB314CB-71CD-49AD-B84F-AC88699CF7FB}
FL Studio 7 --> C:\Program Files\Image-Line\FL Studio 7\uninstall.exe
FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"
Focus MP3 Recorder Pro 3.2 --> "C:\Program Files\Focus MP3 Recorder Pro\unins000.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Gmail Notifier --> "C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
HijackThis 1.99.1 --> C:\Documents and Settings\Douglas\Desktop\Wellness Tools\Hijack This\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iConcertCal --> MsiExec.exe /I{A8900995-B0C6-4015-8D1A-140DA8A79E0E}
IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
iPod for Windows 2006-01-10 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iPod for Windows 2006-06-28 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
iPodCopy --> MsiExec.exe /I{D3A9FE3E-C21E-432D-99BC-0E72EBAFA2A8}
iTunes --> MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
iTunes Art Importer --> MsiExec.exe /I{D8D8B308-B172-43DB-96F1-6A3F84851D61}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2_06 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Codec Pack 2.70 Basic --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Learn To Speak French 8.0 --> C:\WINDOWS\IUConnect\LFF3544DE\IUCHECK.EXE
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire PRO 4.12.11 --> "C:\Program Files\LimeWire\uninstall.exe"
Lyra Jukebox Applications --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3374B4A6-5595-4667-882D-755ABE093806}\Setup.exe" -l0x9 -remove
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Basic Edition 2003 --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC --> "C:\[sv]script2.61\[sv]script2.7\[sv]script2.7\mirc.exe" -uninstall
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPIO Software Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3B67FB4-F425-40E5-BDDA-7CD494202022}\SETUP.EXE" -l0x9
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Multimedia Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
MUSICMATCH Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~2\unmatch.exe
myTunes Redux 1.0 --> "C:\Program Files\iTunes\myTunes Redux\unins000.exe"
Native Instruments Traktor DJ Studio 3 --> C:\PROGRA~1\NATIVE~1\TRAKTO~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\TRAKTO~1\INSTALL.LOG
Nero Digital --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
PokerStars --> C:\Program Files\PokerStars\Uninstall.EXE /u:"PokerStars"
PowerDVD 5.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PS TO USB CONVERTOR --> C:\PROGRA~1\PSTOUS~1\UNWISE.EXE C:\PROGRA~1\PSTOUS~1\INSTALL.LOG
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rome - Total War™ --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4089999C-6CB7-4F9D-A2F6-DB158DBF91FB} /l1033 /x
Rome Total War - patch 1.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5D65411-8E73-4C85-AD80-9FE8B7391CF9}\Setup.exe" -l0x9
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Skype 1.1 --> "C:\Program Files\Skype\unins000.exe"
SmartFTP (remove only) --> "C:\Program Files\SmartFTP\uninst-sftp.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SoulSeek Client 156 --> "C:\Program Files\Soulseek\uninstall.exe"
Sound Blaster Live! --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}\setup.exe" -l0x9
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
tagtraum industries beaTunes 1.2.9 --> "C:\Program Files\tagtraum industries\beaTunes-1.2.9\uninst.exe"
Trend Micro PC-cillin Internet Security 2007 --> C:\PROGRA~1\TRENDM~1\INTERN~2\remove.exe
Trend Micro PC-cillin Internet Security 2007 --> MsiExec.exe /X{BB4B6355-D38A-492C-873B-A1B2CF6C3832}
Tunatic --> "C:\WINDOWS\lsb_un20.exe" /C=UC /N=Tunatic
Video Downloader 3.04 --> "C:\Program Files\Chermenin\Video Downloader\unins000.exe"
VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Wallpaper Calendar --> C:\WINDOWS\iun6002.exe "C:\Program Files\Wallpaper Calendar\irunin.ini"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type22111 / Warning
Event Submitted/Written: 05/29/2008 05:22:08 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Crypt.XPACK.GenC:\Documents and Settings\Douglas\Local Settings\Temporary Internet Files\Content.IE5\DIBBD5W4\kb516107[1]

Event Record #/Type22110 / Warning
Event Submitted/Written: 05/29/2008 05:22:08 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Crypt.XPACK.GenC:\Documents and Settings\Douglas\Local Settings\Temporary Internet Files\Content.IE5\DIBBD5W4\kb516107[1]

Event Record #/Type22108 / Warning
Event Submitted/Written: 05/29/2008 05:19:36 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Vundo.ENBC:\Documents and Settings\Douglas\Local Settings\Temporary Internet Files\Content.IE5\M77WQHSO\kb516107[1]

Event Record #/Type22107 / Error
Event Submitted/Written: 05/29/2008 05:17:41 PM / 05/29/2008 05:17:43 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Event Record #/Type22104 / Warning
Event Submitted/Written: 05/29/2008 05:10:39 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Vundo.ENBC:\WINDOWS\SYSTEM32\ixapnpai.dll



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type119104 / Error
Event Submitted/Written: 05/29/2008 06:37:42 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register with DCOM within the required timeout.

Event Record #/Type119084 / Error
Event Submitted/Written: 05/29/2008 05:40:24 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type119082 / Error
Event Submitted/Written: 05/29/2008 05:36:08 PM
Event ID/Source: 7003 / Service Control Manager
Event Description:
The Trend Micro Proxy Service service depends on the following nonexistent service: tmtdi

Event Record #/Type119072 / Error
Event Submitted/Written: 05/29/2008 05:29:40 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Event Record #/Type119069 / Error
Event Submitted/Written: 05/29/2008 05:27:24 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.



-- End of Deckard's System Scanner: finished at 2008-05-29 20:14:45 ------------

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, May 29, 2008 7:59:20 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/05/2008
Kaspersky Anti-Virus database records: 813037
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
C:\WINDOWS
C:\DOCUME~1\Douglas\LOCALS~1\Temp\

Scan Statistics:
Total number of scanned objects: 27694
Number of viruses found: 2
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 00:38:39

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\SYSTEM32\iugbfsix.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.trp skipped
C:\WINDOWS\SYSTEM32\klsfkkmi.dll Object is locked skipped
C:\WINDOWS\SYSTEM32\prrewqvu.dll Object is locked skipped
C:\WINDOWS\SYSTEM32\sdtppiwm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vnb skipped
C:\WINDOWS\SYSTEM32\waxtjjkx.exe Object is locked skipped

Scan process completed.


#2 Buckeye_Sam

Malware Expert

Posted 30 May 2008 - 02:21 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Run HijackThis again, click scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O2 - BHO: {4ad5f1c0-b2c1-3fcb-e2d4-60c003f1d661} - {166d1f30-0c06-4d2e-bcf3-1c2b0c1f5da4} - C:\WINDOWS\SYSTEM32\gbtvncyd.dll
O2 - BHO: (no name) - {4C8C42DF-F287-4561-9016-DB93FE8B7A90} - C:\WINDOWS\SYSTEM32\byXOFutu.dll
O4 - HKLM\..\Run: [BMff68e3c5] Rundll32.exe "C:\WINDOWS\system32\ixapnpai.dll",s
O4 - HKLM\..\Run: [fc5bd059] rundll32.exe "C:\WINDOWS\system32\vdwvjbwn.dll",b
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O15 - Trusted Zone: *.shoutwire.com (HKCU)
O15 - Trusted Zone: *.torrentspy.com (HKCU)
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)




=====================


You are running an older version of Java. This can be a security risk so let's get you the latest version.
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.


=====================


Please download ComboFix and save it to your desktop.
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 LogicCK

Topic Starter

Posted 30 May 2008 - 01:09 PM

Hey there, my name is Doug, thanks again for your help, this is a great service.

1) I updated Java as suggested, and then ran through all the files listed for your HijackThis list and "fix checked" them, except the first 2 files you listed (starting with 02) didn't show up in the list; the others all did though.

2) Also, I still can't access my external drive, which is really concerning now. As soon as I open it I get this error:

AppName: explorer.exe AppVer: 6.0.2900.3156 ModName: xvidcore.dll
ModVer: 0.0.0.0 Offset: 0004afe9

I can access the files on it, and play them, cut, copy, etc. if I do it through running a search first so they come up in that explorer window, but if I go "open containing folder" it crashes and the error comes again.

3) Here's my combo fix log:

ComboFix 08-05-29.1 - Douglas 2008-05-30 13:33:39.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.202 [GMT -4:00]
Running from: C:\Documents and Settings\Douglas\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Douglas\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\WinBudget
C:\Program Files\WinBudget\bin\crap.1193190109.old
C:\Program Files\WinBudget\bin\matrix.dat
C:\Program Files\WinBudget\bin\matrix.dll.1193795093.old
C:\Program Files\WinBudget\bin\matrix.dll.1194414066.old
C:\Program Files\WinBudget\bin\matrix.dll.1195093358.old
C:\Program Files\WinBudget\bin\matrix.dll.1196063491.old
C:\setup.exe
C:\WINDOWS\BMff68e3c5.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\byXOFutu.dll
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\dtrpjtxf.exe
C:\WINDOWS\system32\eodfhoxo.ini
C:\WINDOWS\system32\exqtjymo.ini
C:\WINDOWS\system32\gbtvncyd.dll
C:\WINDOWS\system32\hbkagbgg.dll
C:\WINDOWS\system32\imkkfslk.ini
C:\WINDOWS\system32\iugbfsix.dll
C:\WINDOWS\SYSTEM32\khlunsri.ini
C:\WINDOWS\system32\klsfkkmi.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\SYSTEM32\mwipptds.ini
C:\WINDOWS\SYSTEM32\nwbjvwdv.ini
C:\WINDOWS\system32\OUCedfii.ini
C:\WINDOWS\SYSTEM32\OUCedfii.ini2
C:\WINDOWS\system32\prrewqvu.dll
C:\WINDOWS\SYSTEM32\PrXxwyay.ini
C:\WINDOWS\SYSTEM32\PrXxwyay.ini2
C:\WINDOWS\SYSTEM32\sfbjanbm.ini
C:\WINDOWS\SYSTEM32\utuFOXyb.ini
C:\WINDOWS\SYSTEM32\utuFOXyb.ini2
C:\WINDOWS\system32\uvqwerrp.ini
C:\WINDOWS\system32\vdwvjbwn.dll
C:\WINDOWS\SYSTEM32\xisfbgui.ini
C:\WINDOWS\system32\xymmynhj.dll
C:\WINDOWS\SYSTEM32\YcedNXyb.ini
C:\WINDOWS\SYSTEM32\YcedNXyb.ini2

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-30 )))))))))))))))))))))))))))))))
.

2008-05-30 13:02 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-05-30 12:59 . 2008-05-30 12:59 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-29 20:05 . 2008-05-29 20:05 <DIR> d-------- C:\Deckard
2008-05-29 18:44 . 2008-05-29 18:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-29 18:43 . 2008-05-29 18:43 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-05-28 11:13 . 2008-05-28 11:13 <DIR> d-------- C:\WINDOWS\SYSTEM32\SuperAdBlocker.com
2008-05-27 14:34 . 2008-05-27 14:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-27 14:33 . 2008-05-27 14:33 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-27 14:33 . 2008-05-27 14:33 <DIR> d-------- C:\Documents and Settings\Douglas\Application Data\SUPERAntiSpyware.com
2008-05-27 14:27 . 2008-05-27 14:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-27 14:27 . 2008-05-27 14:26 6,439,960 --a------ C:\SUPERAntiSpyware.exe
2008-05-27 12:51 . 2008-05-27 12:52 10,752 --a------ C:\WINDOWS\DCEBoot.exe
2008-05-26 17:51 . 2008-05-26 17:51 2,560 --a------ C:\WINDOWS\SYSTEM32\waxtjjkx.exe
2008-05-26 16:31 . 2008-05-30 11:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-26 16:01 . 2008-05-26 16:07 22,311,160 --a------ C:\antivir_workstation_winu_en_h.exe
2008-05-22 12:29 . 2008-05-22 12:29 <DIR> d-------- C:\WINDOWS\RegCure
2008-05-11 17:19 . 2008-05-11 17:19 <DIR> d-------- C:\Program Files\Audacity
2008-05-11 17:17 . 2008-05-11 17:18 2,228,534 --a------ C:\audacity-win-1.2.6.exe
2008-05-11 15:55 . 2008-05-11 16:06 16,674,185 --a------ C:\TDS301_Win_Demo.zip
2008-05-11 15:47 . 2008-05-11 15:47 <DIR> d-------- C:\Program Files\Native Instruments
2008-05-03 16:34 . 2008-05-03 16:36 <DIR> d-------- C:\Documents and Settings\Douglas\Application Data\AVSMedia
2008-05-03 16:34 . 2008-05-03 16:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-05-02 16:15 . 2008-05-03 16:38 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-05-02 16:15 . 2007-02-27 19:36 974,848 --a------ C:\WINDOWS\SYSTEM32\mfc70.dll
2008-05-02 16:15 . 2007-02-27 19:36 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-05-02 16:14 . 2007-02-27 19:36 413,760 --a------ C:\WINDOWS\SYSTEM32\mpg4c32.dll
2008-05-02 16:14 . 2007-02-27 19:36 261,632 --a------ C:\WINDOWS\SYSTEM32\mcdvd_32.dll
2008-05-02 16:14 . 2007-02-27 19:36 139,264 --a------ C:\WINDOWS\SYSTEM32\xvidvfw.dll
2008-05-02 16:14 . 2007-02-27 19:36 82,944 --a------ C:\WINDOWS\SYSTEM32\vct3216.acm
2008-05-02 16:14 . 2007-02-27 19:36 81,920 --a------ C:\WINDOWS\SYSTEM32\AC3ACM.acm
2008-05-02 16:14 . 2007-02-27 19:36 38,912 --a------ C:\WINDOWS\SYSTEM32\alf2cd.acm
2008-05-02 16:14 . 2007-02-27 19:36 13,239 --a------ C:\WINDOWS\SYSTEM32\Scg726.acm
2008-05-02 11:26 . 2008-05-02 11:27 62,030,599 --a------ C:\AVSVideoTools.exe
2008-05-02 11:14 . 2008-05-02 11:14 703,006 --a------ C:\OVideoConverter.exe
2008-05-01 17:42 . 2008-05-01 17:42 268 --ah----- C:\sqmdata06.sqm
2008-05-01 17:42 . 2008-05-01 17:42 244 --ah----- C:\sqmnoopt06.sqm
2008-05-01 09:41 . 2008-05-01 09:41 268 --ah----- C:\sqmdata05.sqm
2008-05-01 09:41 . 2008-05-01 09:41 244 --ah----- C:\sqmnoopt05.sqm
2008-04-30 23:20 . 2008-04-30 23:20 268 --ah----- C:\sqmdata04.sqm
2008-04-30 23:20 . 2008-04-30 23:20 244 --ah----- C:\sqmnoopt04.sqm
2008-04-30 19:04 . 2008-04-30 19:04 <DIR> d-------- C:\Program Files\Mp3 My Mp3 2.0
2008-04-30 19:01 . 2008-04-30 19:03 6,059,008 --a------ C:\mp3mymp3install2.exe
2008-04-30 11:23 . 2008-04-30 11:23 268 --ah----- C:\sqmdata03.sqm
2008-04-30 11:23 . 2008-04-30 11:23 244 --ah----- C:\sqmnoopt03.sqm
2008-04-25 11:16 . 2008-04-25 11:16 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\DivX
2008-04-20 05:25 . 2008-04-21 12:22 664 --a------ C:\WINDOWS\SYSTEM32\d3d9caps.dat
2008-04-20 05:11 . 2008-04-20 05:11 5,356,278 --a------ C:\159_1_E_150.mov
2008-04-20 04:47 . 2008-04-20 04:47 5,391,105 --a------ C:\67_1_E_150.mov
2008-04-20 04:34 . 2008-04-20 04:34 5,323,485 --a------ C:\116_1_E_150.mov
2008-04-20 04:30 . 2008-04-20 04:30 5,322,288 --a------ C:\134_1_E_150.mov
2008-04-20 03:24 . 2008-04-21 12:26 <DIR> d-------- C:\Documents and Settings\Douglas\.beaTunes
2008-04-20 03:22 . 2008-04-20 03:22 <DIR> d-------- C:\Program Files\tagtraum industries
2008-04-20 03:13 . 2008-04-20 03:14 10,096,676 --a------ C:\beaTunes-1-2-9-win.exe
2008-04-20 02:31 . 2008-04-20 02:31 680,976 --a------ C:\bpmanlyz.exe
2008-04-20 02:22 . 2008-04-27 02:24 <DIR> d-------- C:\iConcertCal
2008-04-20 02:21 . 2008-04-20 02:21 513,536 --a------ C:\iConcertCal_v2_0.msi
2008-04-17 17:22 . 2008-04-17 17:22 42,682 --a------ C:\Graffiti - Stockholm Subway Stories.torrent
2008-04-13 19:29 . 2008-04-13 19:29 17,163 --a------ C:\compiled_207813003041.zip
2008-04-10 12:21 . 2008-04-10 12:21 15,452,536 --a------ C:\IE7-WindowsXP-x86-enu.exe
2008-04-09 23:46 . 2008-04-09 23:46 942,780 --a------ C:\slsk156(2).exe
2008-04-09 23:38 . 2008-04-09 23:38 976,836 --a------ C:\slsk157test12c.exe
2008-04-05 21:37 . 2008-04-05 21:37 931,505 --a------ C:\slsk156b(2).exe
2008-04-05 21:02 . 2008-04-05 21:02 842,672 --a------ C:\slsk156c(2).exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-30 17:02 --------- d-----w C:\Program Files\Trend Micro
2008-05-30 17:01 --------- d-----w C:\Program Files\Java
2008-05-30 16:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-22 16:25 --------- d-----w C:\Program Files\Soulseek
2008-05-22 14:06 --------- d-----w C:\Program Files\DivX
2008-05-13 19:14 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-05-02 20:22 205,328 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2008-05-02 20:21 36,368 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2008-05-02 20:17 1,169,240 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
2008-04-30 22:48 --------- d-----w C:\Program Files\Focus MP3 Recorder Pro
2008-04-20 23:34 --------- d-----w C:\Program Files\LimeWire
2008-04-20 06:22 --------- d-----w C:\Program Files\iTunes
2008-04-13 08:12 --------- d-----w C:\Program Files\BitComet
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\SYSTEM32\DivXCodecVersionChecker.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\SYSTEM32\msjint40.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-03-01 22:36 3,591,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\SYSTEM32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsrslvr.dll
2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2004-03-11 17:27 40,960 -c--a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 135,264 2002-04-03 06:01:00 C:\Program Files\Creative\SBLive\Diagnostics\bak\diagent.exe

----a-w 53,248 2004-04-11 16:43:44 C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe

----a-w 290,816 2004-04-12 01:15:14 C:\Program Files\Dell\Media Experience\bak\PCMService.exe

----a-w 479,232 2005-07-15 21:48:33 C:\Program Files\Google\Gmail Notifier\bak\gnotify.exe

----a-w 257,088 2007-03-14 23:05:48 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 267,048 2007-12-11 17:10:26 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 5,674,352 2007-01-19 17:54:56 C:\Program Files\MSN Messenger\bak\MsnMsgr.Exe
----a-w 5,674,352 2007-01-19 16:54:56 C:\Program Files\MSN Messenger\msnmsgr.exe

----a-w 286,720 2007-06-29 10:24:52 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 286,720 2007-12-11 15:56:54 C:\Program Files\QuickTime\QTTask.exe

----a-w 90,112 2000-05-11 06:00:00 C:\WINDOWS\bak\UpdReg.EXE

----a-w 15,360 2004-08-04 07:56:48 C:\WINDOWS\SYSTEM32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 07:56:48 C:\WINDOWS\SYSTEM32\ctfmon.exe

----a-w 126,976 2005-06-22 04:44:34 C:\WINDOWS\SYSTEM32\bak\hkcmd.exe

----a-w 155,648 2005-06-22 04:48:18 C:\WINDOWS\SYSTEM32\bak\igfxtray.exe

----a-w 122,941 2005-05-31 09:33:00 C:\WINDOWS\SYSTEM32\dla\bak\tfswctrl.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pccguide.exe"="C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe" [2006-12-29 02:52 3429904]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-08-24 16:28:42 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm
"vidc.3IV2"= 3ivxVfWCodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a--c--- 2004-04-19 15:45 53248 c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]
--a------ 2004-08-04 03:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a--c--- 2003-08-19 02:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2300:UDP"= 2300:UDP:AoM
"64520:UDP"= 64520:UDP:AoM1
"12717:TCP"= 12717:TCP:BitComet 12717 TCP
"12717:UDP"= 12717:UDP:BitComet 12717 UDP

R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [2003-04-27 13:39]
R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 12:43]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-28 17:09:20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-30 13:47:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\snmp.exe
C:\WINDOWS\SYSTEM32\UAService7.exe
C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-05-30 13:59:59 - machine was rebooted [Douglas]
ComboFix-quarantined-files.txt 2008-05-30 17:59:54

Pre-Run: 4,731,432,960 bytes free
Post-Run: 5,248,282,624 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

263 --- E O F --- 2008-05-17 07:04:33

Edited by LogicCK, 31 May 2008 - 10:30 AM.


#4 Buckeye_Sam

Malware Expert

Posted 31 May 2008 - 07:11 PM

Let's make sure we get rid of the malware first, then we'll revisit those issues if they are still present.

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript to your desktop.

File::
C:\WINDOWS\DCEBoot.exe
C:\WINDOWS\SYSTEM32\waxtjjkx.exe

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.



=====================




Launch SUPERAntiSpyware
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.



========================================================

#5 LogicCK

Topic Starter

Posted 01 June 2008 - 05:44 PM

Here's Combo Fix log:

ComboFix 08-05-29.1 - Douglas 2008-06-01 13:04:16.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.120 [GMT -4:00]
Running from: C:\Documents and Settings\Douglas\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Douglas\Desktop\CFScript.txt

FILE ::
C:\WINDOWS\DCEBoot.exe
C:\WINDOWS\SYSTEM32\waxtjjkx.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Guest\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\DCEBoot.exe
C:\WINDOWS\SYSTEM32\waxtjjkx.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-01 to 2008-06-01 )))))))))))))))))))))))))))))))
.

2008-05-30 23:27 . 2008-05-30 23:27 268 --ah----- C:\sqmdata07.sqm
2008-05-30 23:27 . 2008-05-30 23:27 244 --ah----- C:\sqmnoopt07.sqm
2008-05-30 20:42 . 2008-05-30 20:42 47,616 --a------ C:\Doug's_Bboying_Foundation.doc
2008-05-30 13:02 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-05-30 12:59 . 2008-05-30 12:59 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-29 20:05 . 2008-05-29 20:05 <DIR> d-------- C:\Deckard
2008-05-29 18:44 . 2008-05-29 18:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-29 18:43 . 2008-05-29 18:43 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-05-28 11:13 . 2008-05-28 11:13 <DIR> d-------- C:\WINDOWS\SYSTEM32\SuperAdBlocker.com
2008-05-27 14:34 . 2008-05-27 14:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-27 14:33 . 2008-05-27 14:33 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-27 14:33 . 2008-05-27 14:33 <DIR> d-------- C:\Documents and Settings\Douglas\Application Data\SUPERAntiSpyware.com
2008-05-27 14:27 . 2008-05-27 14:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-27 14:27 . 2008-05-27 14:26 6,439,960 --a------ C:\SUPERAntiSpyware.exe
2008-05-26 16:31 . 2008-05-30 11:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-26 16:01 . 2008-05-26 16:07 22,311,160 --a------ C:\antivir_workstation_winu_en_h.exe
2008-05-22 12:29 . 2008-05-22 12:29 <DIR> d-------- C:\WINDOWS\RegCure
2008-05-11 17:19 . 2008-05-11 17:19 <DIR> d-------- C:\Program Files\Audacity
2008-05-11 17:17 . 2008-05-11 17:18 2,228,534 --a------ C:\audacity-win-1.2.6.exe
2008-05-11 15:55 . 2008-05-11 16:06 16,674,185 --a------ C:\TDS301_Win_Demo.zip
2008-05-11 15:47 . 2008-05-11 15:47 <DIR> d-------- C:\Program Files\Native Instruments
2008-05-03 16:34 . 2008-05-03 16:36 <DIR> d-------- C:\Documents and Settings\Douglas\Application Data\AVSMedia
2008-05-03 16:34 . 2008-05-03 16:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-05-02 16:15 . 2008-05-03 16:38 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-05-02 16:15 . 2007-02-27 19:36 974,848 --a------ C:\WINDOWS\SYSTEM32\mfc70.dll
2008-05-02 16:15 . 2007-02-27 19:36 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-05-02 16:14 . 2007-02-27 19:36 413,760 --a------ C:\WINDOWS\SYSTEM32\mpg4c32.dll
2008-05-02 16:14 . 2007-02-27 19:36 261,632 --a------ C:\WINDOWS\SYSTEM32\mcdvd_32.dll
2008-05-02 16:14 . 2007-02-27 19:36 139,264 --a------ C:\WINDOWS\SYSTEM32\xvidvfw.dll
2008-05-02 16:14 . 2007-02-27 19:36 82,944 --a------ C:\WINDOWS\SYSTEM32\vct3216.acm
2008-05-02 16:14 . 2007-02-27 19:36 81,920 --a------ C:\WINDOWS\SYSTEM32\AC3ACM.acm
2008-05-02 16:14 . 2007-02-27 19:36 38,912 --a------ C:\WINDOWS\SYSTEM32\alf2cd.acm
2008-05-02 16:14 . 2007-02-27 19:36 13,239 --a------ C:\WINDOWS\SYSTEM32\Scg726.acm
2008-05-02 11:26 . 2008-05-02 11:27 62,030,599 --a------ C:\AVSVideoTools.exe
2008-05-02 11:14 . 2008-05-02 11:14 703,006 --a------ C:\OVideoConverter.exe
2008-05-01 17:42 . 2008-05-01 17:42 268 --ah----- C:\sqmdata06.sqm
2008-05-01 17:42 . 2008-05-01 17:42 244 --ah----- C:\sqmnoopt06.sqm
2008-05-01 09:41 . 2008-05-01 09:41 268 --ah----- C:\sqmdata05.sqm
2008-05-01 09:41 . 2008-05-01 09:41 244 --ah----- C:\sqmnoopt05.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-31 15:59 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-31 15:57 --------- d-----w C:\Documents and Settings\Douglas\Application Data\AdobeUM
2008-05-30 17:02 --------- d-----w C:\Program Files\Trend Micro
2008-05-30 17:01 --------- d-----w C:\Program Files\Java
2008-05-30 16:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-22 16:25 --------- d-----w C:\Program Files\Soulseek
2008-05-22 14:06 --------- d-----w C:\Program Files\DivX
2008-05-13 19:14 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-05-02 20:22 205,328 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2008-05-02 20:21 36,368 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2008-05-02 20:17 1,169,240 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
2008-04-30 23:04 --------- d-----w C:\Program Files\Mp3 My Mp3 2.0
2008-04-30 23:03 6,059,008 ----a-w C:\mp3mymp3install2.exe
2008-04-30 22:48 --------- d-----w C:\Program Files\Focus MP3 Recorder Pro
2008-04-25 15:16 --------- d-----w C:\Documents and Settings\Dad\Application Data\DivX
2008-04-20 23:34 --------- d-----w C:\Program Files\LimeWire
2008-04-20 07:22 --------- d-----w C:\Program Files\tagtraum industries
2008-04-20 07:14 10,096,676 ----a-w C:\beaTunes-1-2-9-win.exe
2008-04-20 06:31 680,976 ----a-w C:\bpmanlyz.exe
2008-04-20 06:22 --------- d-----w C:\Program Files\iTunes
2008-04-13 23:29 17,163 ----a-w C:\compiled_207813003041.zip
2008-04-13 08:12 --------- d-----w C:\Program Files\BitComet
2008-04-10 16:21 15,452,536 ----a-w C:\IE7-WindowsXP-x86-enu.exe
2008-04-10 03:46 942,780 ----a-w C:\slsk156(2).exe
2008-04-10 03:38 976,836 ----a-w C:\slsk157test12c.exe
2008-04-06 01:37 931,505 ----a-w C:\slsk156b(2).exe
2008-04-06 01:02 842,672 ----a-w C:\slsk156c(2).exe
2004-03-11 17:27 40,960 -c--a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( snapshot@2008-05-30_13.58.59.45 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-30 17:45:57 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-06-01 17:10:23 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-05-31 16:00:23 25,214 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A71000000002}\SC_Reader.exe
- 2004-08-04 07:56:42 294,400 -c--a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msctf.dll
+ 2008-02-26 11:59:50 294,912 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msctf.dll
- 2004-08-04 07:56:42 294,400 ----a-w C:\WINDOWS\SYSTEM32\msctf.dll
+ 2008-02-26 11:59:50 294,912 ----a-w C:\WINDOWS\SYSTEM32\msctf.dll
+ 2008-06-01 17:10:33 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_124.dat
+ 2005-09-23 03:48:08 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2005-09-23 03:48:08 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2005-09-23 03:48:06 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 135,264 2002-04-03 06:01:00 C:\Program Files\Creative\SBLive\Diagnostics\bak\diagent.exe

----a-w 53,248 2004-04-11 16:43:44 C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe

----a-w 290,816 2004-04-12 01:15:14 C:\Program Files\Dell\Media Experience\bak\PCMService.exe

----a-w 479,232 2005-07-15 21:48:33 C:\Program Files\Google\Gmail Notifier\bak\gnotify.exe

----a-w 257,088 2007-03-14 23:05:48 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 267,048 2007-12-11 17:10:26 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 5,674,352 2007-01-19 17:54:56 C:\Program Files\MSN Messenger\bak\MsnMsgr.Exe
----a-w 5,674,352 2007-01-19 16:54:56 C:\Program Files\MSN Messenger\msnmsgr.exe

----a-w 286,720 2007-06-29 10:24:52 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 286,720 2007-12-11 15:56:54 C:\Program Files\QuickTime\QTTask.exe

----a-w 90,112 2000-05-11 06:00:00 C:\WINDOWS\bak\UpdReg.EXE

----a-w 15,360 2004-08-04 07:56:48 C:\WINDOWS\SYSTEM32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 07:56:48 C:\WINDOWS\SYSTEM32\ctfmon.exe

----a-w 126,976 2005-06-22 04:44:34 C:\WINDOWS\SYSTEM32\bak\hkcmd.exe

----a-w 155,648 2005-06-22 04:48:18 C:\WINDOWS\SYSTEM32\bak\igfxtray.exe

----a-w 122,941 2005-05-31 09:33:00 C:\WINDOWS\SYSTEM32\dla\bak\tfswctrl.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pccguide.exe"="C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe" [2006-12-29 02:52 3429904]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-08-24 16:28:42 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm
"vidc.3IV2"= 3ivxVfWCodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a--c--- 2004-04-19 15:45 53248 c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]
--a------ 2004-08-04 03:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a--c--- 2003-08-19 02:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2300:UDP"= 2300:UDP:AoM
"64520:UDP"= 64520:UDP:AoM1
"12717:TCP"= 12717:TCP:BitComet 12717 TCP
"12717:UDP"= 12717:UDP:BitComet 12717 UDP

R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [2003-04-27 13:39]
R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 12:43]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-28 17:09:20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 13:15:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\WINDOWS\SYSTEM32\snmp.exe
C:\Program Files\Trend Micro\Internet Security 2007\Tmntsrv.exe
C:\WINDOWS\SYSTEM32\UAService7.exe
C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-06-01 13:30:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-01 17:30:30
ComboFix2.txt 2008-05-30 18:00:00

Pre-Run: 4,991,893,504 bytes free
Post-Run: 5,087,014,912 bytes free

218 --- E O F --- 2008-05-31 00:02:48






Here's SuperAntiSpyware log, thanks:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/01/2008 at 11:58 PM

Application Version : 4.1.1046

Core Rules Database Version : 3472
Trace Rules Database Version: 1463

Scan type : Complete Scan
Total Scan Time : 05:04:46

Memory items scanned : 345
Memory threats detected : 0
Registry items scanned : 5989
Registry threats detected : 0
File items scanned : 138684
File threats detected : 13

Adware.Tracking Cookie
C:\Documents and Settings\Douglas\Cookies\douglas@doubleclick[1].txt
C:\Documents and Settings\Douglas\Cookies\douglas@ad.yieldmanager[1].txt
C:\Documents and Settings\Douglas\Cookies\douglas@adecn[1].txt
C:\Documents and Settings\Douglas\Cookies\douglas@zedo[2].txt
C:\Documents and Settings\Douglas\Cookies\douglas@atdmt[2].txt
C:\Documents and Settings\Douglas\Cookies\douglas@msnportal.112.2o7[1].txt
C:\Documents and Settings\Douglas\Cookies\douglas@ehg-kasperskylab.hitbox[1].txt
C:\Documents and Settings\Douglas\Cookies\douglas@www.tqlkg[1].txt

Trojan.Downloader-Gen/Suspicious
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\WINBUDGET\BIN\CRAP.1193190109.OLD.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1619\A0404325.OLD
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1619\A0404334.OLD
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1619\A0404335.OLD
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1619\A0404336.OLD

Edited by LogicCK, 02 June 2008 - 02:53 AM.


#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 01 June 2008 - 05:45 PM

Looking better. Please post the log from Superantispyware when you've had a chance to run it.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 LogicCK

LogicCK
  • Topic Starter


Posted 02 June 2008 - 12:02 PM

posted

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 03 June 2008 - 11:05 AM

Ok, we're looking pretty good on the malware front. Are you getting any popups or anything that would indicate otherwise?

Are you still having the issue with your external hard drive?


========================================================

#9 LogicCK

LogicCK
  • Topic Starter


Posted 03 June 2008 - 02:45 PM

Hi, no more pop ups thanks, but yeah still having issues accessing my external drive H/ when I hit debug from the list of debug, send error report or don't send, I got another window today that said: "DrWatson Postmortem Debugger has encountered a problem and needs to close. We are sorry for the inconvenience" with same options. I never had this issue prior to getting the malware, and just have mostly video/music files on there.

Windows Auto Update is back and running again fine thankfully. Also, maybe this relates to the windows explorer issue, for over a year now, before I got malware infected, haven't been able to bring up the Task Manager no matter what route I try, any way to re-enable this without the Windows OS cd's???? (they're in a box somewhere).

Finally, my Excalibur USB 4GB stick is now not being recognized when I plug it in. It shows up as Local Disk G/ instead of Excalibur and when I click on it, it says "The disk in drive G is not formatted. Do you want to format it now?" which is concerning because I have important files on there and was working even during the Malware issue.

Edited by LogicCK, 04 June 2008 - 01:18 PM.


#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 04 June 2008 - 01:19 PM

Your explorer problem on your external hard drive stems from a bad audio or video codec. This will involve some detective work on your part to determine what was installed about the time that you first noticed the problem. Many times these can be uninstalled easily.

Try this to restore your task manager.




Open Notepad, and copy everything in the code box below and paste it into a new notepad file. Change the "Save As Type" to "All Files". Save it as fixme.reg on your Desktop. Make sure there is NO blank line above "REGEDIT4"!

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
"**del.DisableTaskMgr"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\]
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DisableCAD"=dword:00000000

Locate fixme.reg on your Desktop and double-click on it. When it asks if you want to merge with the registry, click YES.


Reboot your computer and check your task manager.


========================================================
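A read-only review of the fixme.reg text posted in #10, added here as an example and not part of the original thread: it lists every value the file would write before anyone merges it, and accepts either `REGEDIT4` or `Windows Registry Editor Version 5.00` as the first line, the two header forms regedit recognises. The names `review_reg` and `FIXME_REG` are chosen for this example only.

```python
import re

# fixme.reg exactly as posted in #10, embedded so the check runs offline.
FIXME_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
"**del.DisableTaskMgr"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\]
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DisableCAD"=dword:00000000
'''

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def review_reg(text):
    """Parse .reg text and return (header, changes, warnings); never touches the registry."""
    lines = text.splitlines()
    header = lines[0].strip() if lines else ""
    changes, warnings, key = [], [], None
    if header not in HEADERS:
        warnings.append("line 1 is not a .reg header: %r" % header)
    for no, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):               # [-KEY] removes a whole key
                warnings.append("line %d deletes key %s" % (no, key[1:]))
            elif key.endswith("\\"):              # oddity worth a manual look
                warnings.append("line %d: key path ends with a backslash" % no)
            continue
        m = VALUE_RE.match(line)
        if key is None or m is None:
            warnings.append("line %d not understood: %r" % (no, line))
            continue
        name, data = m.groups()
        if data.lower().startswith("dword:"):
            data = int(data[6:], 16)              # dword data is hexadecimal
        changes.append((key, name, data))
    return header, changes, warnings

if __name__ == "__main__":
    hdr, changes, warnings = review_reg(FIXME_REG)
    print(hdr, *changes, *warnings, sep="\n")
```

A blank line saved above the header shows up as a "line 1 is not a .reg header" warning, which is the condition the instructions in #10 tell the reader to avoid.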

#11 LogicCK

LogicCK
  • Topic Starter


Posted 04 June 2008 - 10:21 PM

Hey, maybe I'm missing something but I don't see any part that says REGEDIT4????
I followed the instructions anyway, no luck, task manager doesn't come up in search, or CTRL+ALT+Delete, or right click on toolbar then selecting it.

I think the H external drive may have been from a couple things, I noticed I was getting dll errors, and read somewhere that one particular one had to do with divx codec, so I uninstalled it, I'm gonna re-install latest version and see if it helps...UPDATE...after re-installing, still getting error:

AppName: explorer.exe AppVer: 6.0.2900.3156 ModName: xvidcore.dll
ModVer: 0.0.0.0 Offset: 0004afe9

Though it seems now I'm having more time before the error up till 30 seconds to browse folders before it crashes..

Any advice on the USB?

Edited by LogicCK, 05 June 2008 - 12:58 AM.


#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 05 June 2008 - 07:34 AM

Why even reinstall it if it's causing the error? Just get rid of it.
You can also try the XP Codec pack.

http://www.xpcodecpack.com/


Try this fix for your task manager.
http://www.dougknox.com/xp/utils/xp_taskmgrenab.htm



For your USB stick, here's a couple programs that you can try.

http://www.cgsecurity.org/wiki/TestDisk

If that one doesn't do the trick, try this next one.

http://findandmount.com/



Let me know how it goes.


========================================================

#13 LogicCK

LogicCK
  • Topic Starter


Posted 11 June 2008 - 11:30 AM

Hi I seemed to fix the codec issue..thanks for the help...installed the XP codec pack, removed Divx...now on certain folders with vid files I get a window asking if I want to play these files using "FFDShow" and I can either click on yes (just this once) yes (all the time), no (just once) no (never) and it seems to work regardless of what I choose

Task Manager still didn't work with that

Still have to test the USB programs, looks like I should do some general reading of the diff. features and instructions first, and been pretty busy

#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 11 June 2008 - 11:36 AM

If you right click on the task bar, do you see Task Manager listed in the menu?
What happens when you click on it? Any type of error message?


========================================================

#15 LogicCK

LogicCK
  • Topic Starter


Posted 11 June 2008 - 10:58 PM

Yeah it's there when I right click, it's not greyed out or missing, but then when I click on it nothing, no error at all, the hourglass doesn't even go as if it's loading something



