
Adzgalore Pop-ups...very Stubborn


This topic is locked.

#1 michael_from_oz


Posted 01 June 2008 - 09:32 PM

Hello folks,

This is my very first posting for help. I should mention that I normally find a solution to this kind of problem by reading how other people have been helped (who had the same problem).

But in this case, none of the solutions I found for removing these annoying Adzgalore pop-ups have worked for me.

Before I paste my logs, here's what I have already tried myself:

Ran AVG-Antispyware
Ran a complete Avast scan
Ran the SuperAnti-Spyware program
Ran Malwarebytes' Anti-Malware program
Ran a Hijackthis scan to try to identify entries that related to Adzgalore (as seen from other people's posting). I identified an offending DLL and was able to remove it.
I manually deleted C:\Windows\system32\adzgalore-remove.exe

When I first did all of the above, I thought I had resolved the problem, but then the next day one of the Adzgalore pop-ups showed its ugly head again.

When I tried to do the procedure again, there was no file to delete this time (the C:\Windows\system32\adzgalore-remove.exe file that I had deleted the first time). A fresh Hijackthis log revealed nothing suspicious (including the DLL I had previously removed).

Now I have no idea what to do next. This cry for help is my last chance.

Anyway, finally...here's a paste of my logs (DSS & Hijack this)...


Deckard's System Scanner v20071014.68
Run by M on 2008-06-02 12:09:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
51: 2008-06-02 02:09:05 UTC - RP51 - Deckard's System Scanner Restore Point
50: 2008-06-01 09:05:26 UTC - RP50 - System Checkpoint
49: 2008-05-31 05:20:52 UTC - RP49 - System Checkpoint
48: 2008-05-30 04:37:03 UTC - RP48 - System Checkpoint
47: 2008-05-29 02:25:01 UTC - RP47 - System Checkpoint


-- First Restore Point --
1: 2008-04-04 03:21:34 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as M.exe) ---------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:53 PM, on 2/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Matrox X.tools\System\digisc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Matrox X.tools\DSOutputEnabler.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Documents and Settings\M\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\M.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mr-router/console/login.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DSOutputEnabler] "C:\Program Files\Matrox X.tools\DSOutputEnabler.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R290 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKP.EXE /FU "C:\WINDOWS\TEMP\E_S116.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - Startup: MailWasher.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mr-router
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1199814854869
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1199814845213
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: DigiCtrl - Matrox Electronic Systems - C:\Program Files\Matrox X.tools\System\digisc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: WinFast® Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 8778 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080405-124424-314 O2 - BHO: cpmsky.biz browser optimizer - {BCA95E31-1FBF-4F84-8F23-1BA653007A1E} - C:\WINDOWS\system32\cpmsky.dll
backup-20080520-192348-823 O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 EIO - c:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
R3 dgcodec - c:\windows\system32\drivers\dgcodec.sys <Not Verified; Matrox Electronic Systems; Matrox RT>
R3 dgvideo - c:\windows\system32\drivers\dgvideo.sys <Not Verified; Matrox Electronic Systems; Matrox RT>
R3 digim2ba - c:\windows\system32\drivers\digim2ba.sys <Not Verified; Matrox Electronic Systems; Matrox RT>
R3 DigiPnp - c:\windows\system32\drivers\digipnp.sys <Not Verified; Matrox Electronic Systems; Matrox RT>
R3 digisclk - c:\windows\system32\drivers\digisclk.sys <Not Verified; Matrox Electronic Systems; Matrox RT>
R3 digismem - c:\windows\system32\drivers\digismem.sys <Not Verified; Matrox Electronic Systems; Matrox RT>
R3 digisnif - c:\windows\system32\drivers\digisnif.sys <Not Verified; Matrox Electronic Systems; Matrox RT>
R3 flex3dio - c:\windows\system32\drivers\flex3dio.sys <Not Verified; Matrox Electronic Systems; Matrox RT>
R3 mvkG550rt - c:\windows\system32\drivers\mvkg550rt.sys <Not Verified; Matrox Electronic Systems; Matrox RT>
R3 MvkMiniVFX - c:\windows\system32\drivers\mvkminivfx.sys <Not Verified; Matrox Electronic Systems; Matrox RT>
R3 mvkRTXio - c:\windows\system32\drivers\mvkrtxio.sys <Not Verified; Matrox Electronic Systems; Matrox RT>
R3 mvkVideoBus - c:\windows\system32\drivers\mvkminicuda.sys <Not Verified; Matrox Electronic Systems; Matrox RT>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 catchme - c:\docume~1\m\locals~1\temp\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 DigiCtrl - c:\program files\matrox x.tools\system\digisc.exe <Not Verified; Matrox Electronic Systems; Matrox RT>
R2 Diskeeper - "c:\program files\diskeeper corporation\diskeeper\dkservice.exe" <Not Verified; Diskeeper Corporation; Diskeeper ™ Disk Defragmenter>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_50011458&REV_02\3&13C0B0C5&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_50011458&REV_02\3&13C0B0C5&0&FB
Service:


-- Files created between 2008-05-02 and 2008-06-02 -----------------------------

2008-06-02 01:03:09 286720 --a------ C:\WINDOWS\iun507.exe <Not Verified; Indigo Rose Corporation; Setup Factory 5.0 Uninstaller>
2008-06-02 01:03:08 0 d-------- C:\Program Files\MagicRecovery Pro DEMO
2008-06-01 15:03:14 0 d-------- C:\Documents and Settings\M\Application Data\FileZilla
2008-06-01 15:03:03 0 d-------- C:\Program Files\FileZilla FTP Client
2008-05-28 00:44:55 0 d-------- C:\Documents and Settings\M\Application Data\ScummVM
2008-05-28 00:44:52 0 d-------- C:\Program Files\ScummVM
2008-05-28 00:24:13 0 d-------- C:\dos
2008-05-27 18:56:56 0 d-------- C:\alabullbleep
2008-05-25 12:33:06 0 d-------- C:\WINDOWS\wb
2008-05-23 23:02:09 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-23 23:02:03 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-23 23:02:03 0 d-------- C:\Documents and Settings\M\Application Data\SUPERAntiSpyware.com
2008-05-23 23:01:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-23 22:01:50 0 d-------- C:\Program Files\DVD Decrypter
2008-05-15 22:16:50 0 d-------- C:\Program Files\Hewlett-Packard
2008-05-15 22:16:49 0 d--h----- C:\Program Files\Zenographics
2008-05-08 17:13:51 0 d-------- C:\hegames
2008-05-08 17:10:29 0 d-------- C:\Freddi2
2008-05-08 17:08:45 0 d-------- C:\Freddi1
2008-05-05 10:41:32 109056 --a------ C:\WINDOWS\SF97UNIN.EXE
2008-05-05 10:41:32 29184 --a------ C:\WINDOWS\SF97UNIH.EXE <Not Verified; Sonic Foundry, Inc.; Sonic Foundry's Uninstall Helper Application>
2008-05-05 10:40:33 0 d-------- C:\sonic
2008-05-05 10:38:25 0 d-------- C:\Program Files\Sonic Foundry Soft Encode
2008-05-02 13:30:41 0 d-------- C:\Program Files\Nero


-- Find3M Report ---------------------------------------------------------------

2008-06-02 11:37:14 0 d-------- C:\Documents and Settings\M\Application Data\MailWasherPro
2008-06-02 10:19:06 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-06-02 10:17:47 0 d-------- C:\Documents and Settings\M\Application Data\VMware
2008-06-02 01:12:57 0 d-------- C:\Documents and Settings\M\Application Data\Canon
2008-05-31 03:36:45 73 --a------ C:\WINDOWS\system32\ssprs.dll
2008-05-31 03:36:45 205 --a------ C:\WINDOWS\system32\lsprst7.dll
2008-05-30 22:43:29 0 d-------- C:\Documents and Settings\M\Application Data\LimeWire
2008-05-28 00:44:39 0 d-------- C:\Program Files\DOSBox-0.72
2008-05-23 23:06:37 0 d-------- C:\Documents and Settings\M\Application Data\Vso
2008-05-23 23:01:45 0 d-------- C:\Program Files\Common Files
2008-05-18 00:19:17 0 d-------- C:\Program Files\CrossLoop
2008-05-16 22:52:33 0 d-------- C:\Documents and Settings\M\Application Data\uTorrent
2008-05-12 16:08:56 0 d-------- C:\Program Files\EPSON Print CD
2008-05-12 15:33:36 2508 --a------ C:\Documents and Settings\M\Application Data\$_hpcst$.hpc
2008-05-12 15:32:44 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-02 13:31:09 0 d-------- C:\Program Files\Common Files\Nero
2008-04-28 17:47:19 0 d-------- C:\Program Files\NeroInstall.bak
2008-04-28 17:46:46 0 d-------- C:\Documents and Settings\M\Application Data\Nero
2008-04-19 22:47:17 0 d-------- C:\Documents and Settings\M\Application Data\GoodSync
2008-04-19 22:44:36 0 d-------- C:\Program Files\Siber Systems
2008-04-12 00:38:18 0 d-------- C:\Documents and Settings\M\Application Data\vlc
2008-04-11 23:58:21 0 d-------- C:\Program Files\VideoLAN
2008-04-06 11:54:04 0 d-------- C:\Program Files\Psygnosis
2008-04-05 11:40:57 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-04-04 13:21:42 0 d-------- C:\Program Files\Trend Micro
2008-03-09 22:56:40 2048 --a------ C:\WINDOWS\system32\sysprs7.dll
2008-03-09 22:56:40 1025 --a------ C:\WINDOWS\system32\clauth2.dll
2008-03-09 22:56:40 1025 --a------ C:\WINDOWS\system32\clauth1.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [05/07/2007 06:08 PM C:\WINDOWS\RTHDCPL.exe]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [20/03/2007 04:36 PM]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [25/05/2007 04:07 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [16/05/2008 09:19 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 07:25 PM]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [22/11/2005 04:38 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [13/02/2006 08:05 PM]
"nwiz"="nwiz.exe" [13/02/2006 08:05 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [13/02/2006 08:05 PM]
"DSOutputEnabler"="C:\Program Files\Matrox X.tools\DSOutputEnabler.exe" [05/06/2006 11:11 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 06:51 PM]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [19/04/2008 09:13 AM]
"vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" [01/05/2007 09:52 PM]
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe" [01/05/2007 09:52 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [28/02/2008 09:59 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 12:56 AM]
"EPSON Stylus Photo R290 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKP.exe" [13/04/2007 04:00 PM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [28/02/2008 05:07 PM]
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~3\wcescomm.exe" [20/06/2006 10:36 PM]

C:\Documents and Settings\M\Start Menu\Programs\Startup\
MailWasher.lnk - C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe [9/01/2008 11:07:25 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"



-- End of Deckard's System Scanner: finished at 2008-06-02 12:10:24 ------------



DSS also created a second log file called extra.txt. It seems to be information relating to my hardware, etc. I have included that file as an attachment.

Thank you to whoever tries to help me.

-Michael


Edited by michael_from_oz, 01 June 2008 - 10:49 PM.




#2 michael_from_oz


Posted 06 June 2008 - 11:11 PM

Ummm...I still have the problem.

It's been 5 days since I posted for help. I know you guys are volunteers, so I will wait until someone has the time to help me.

-Michael

#3 steamwiz


Posted 29 June 2008 - 03:00 PM

HI

Sorry for the delay in responding to you, we have a long list of posters waiting for their threads to be analysed.

As it has been some time since you posted, you may have resolved your problem, please let us know if you have ?

If you still require help, Please make sure you have read this :-

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Please follow all the directions in the above thread, then come back here & copy & paste the requested updated logs... do NOT attach them

Logs requested :-

1. Deckard's System Scanner main.txt & extra.txt

Note: you'll find extra.txt here :- C:\Deckard\System Scanner\extra.txt

Please remember to post both txt files ...

2. KASPERSKY ONLINE SCANNER 7 REPORT

Please be sure to give as detailed an explanation of your problem as you can, tell us what programs you may have run whilst waiting for a reply & if you have received help elsewhere ... also any new developments with your problem ?

cheers

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware

#4 steamwiz


Posted 25 July 2008 - 03:25 PM

Due to lack of feedback this topic is now closed.

If the original poster would like it re-opened, please send me a PM with a link to this thread.

cheers

steam



