Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help! Trojan/malware Forced Windows Re-activation!


  • This topic is locked This topic is locked
4 replies to this topic

#1 chrisjacks

chrisjacks

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:48 AM

Posted 05 June 2008 - 04:08 AM

Hi there,

Someone has obviously attempted to install something dodgy while I've been away. When I came back to my PC it had been left on overnight. CA Anti-Virus had reported the following infection:

c:\Documents & Settings\User\Local Settings\Temp\IXP000.TMP\Apr28.exe Win32/Chisyne.MI

I tried removing some suspect files but they were "in use". I foolishly starting shutting down processes via task manager in an attempt to "free up" the suspect files and delete them. I must have accidentally killed a system task because Windows then forced a shutdown on me which in turn has allowed this virus to really do some damage. When I attempted to restart, I was forced to Activate my copy of Windows again!!!

I believe there is still something nasty in my system because I saw yet another new file: c:\Windows\QTFont.qfn

Can someone PLEASE check my log file below and give me instructions on how I can clean up this mess?! Any help is VERY much appreciated!...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:43 PM, on 5/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AutoMate 5\AutoMate5Svc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Canon\MultiPASS\mpservic.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\NetDrive\wdService.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\AutoMate 5\AM5HkWnd.exe
C:\WINDOWS\system32\hpnra.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Canon\MultiPASS\monitr32.exe
C:\SOFTWARE\== SECURITY+ANTIVIRUS\Keystroke Logger\User Log (freeware)\UsrLog.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\FxRedir.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\UltraVNC\vncviewer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HijackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AutoMate5] C:\Program Files\AutoMate 5\AM5HkWnd.exe
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINDOWS\system32\hpnra.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Opware15] "C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe"
O4 - HKLM\..\Run: [OpScheduler] "C:\Program Files\ScanSoft\OmniPage15.0\OpScheduler.exe"
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [UniPrint] C:\PROGRA~1\UniPrint\Client\SetDfltSettings.exe
O4 - HKLM\..\Run: [LandOnline] C:\Program Files\LandOnline Printer Driver\PrintManager.exe
O4 - HKLM\..\Run: [MP_STATUS_MONITOR] "C:\Program Files\Canon\MultiPASS\monitr32.exe" I
O4 - HKLM\..\Run: [WebDriveTray] C:\Program Files\NetDrive\webdrive.exe /trayicon
O4 - HKLM\..\Run: [User Logger] C:\SOFTWARE\== SECURITY+ANTIVIRUS\Keystroke Logger\User Log (freeware)\UsrLog.exe run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcStd7_0_8 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - Startup: Bandwidth Meter.lnk = C:\Program Files\Wizard Software\Bandwidth Meter\BandMeter.exe
O4 - Startup: CUSTOMER HELPDESK.lnk = C:\Program Files\UltraVNC\vncviewer.exe
O4 - Global Startup: Linksys Cordless Internet Telephony Kit.lnk = C:\Program Files\Linksys\Cordless Internet Telephony Kit\cit200.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Movies Extractor Scout LITE - {6E0321C4-E024-4D85-B2D9-2F4AF0E2D33E} - C:\Program Files\Movies Extractor Scout LITE\flashextract.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178166591656
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AutoMate 5 (AutoMate5) - Network Automation, Inc. - C:\Program Files\AutoMate 5\AutoMate5Svc.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MPService - Canon Information Systems - C:\Program Files\Canon\MultiPASS\mpservic.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

--
End of file - 14403 bytes

Many Thanks!


Regards,

Chris
I'd rather be skydiving...

BC AdBot (Login to Remove)

 


#2 Guest_White Warrior_*

Guest_White Warrior_*

  • Guests
  • OFFLINE
  •  

Posted 27 June 2008 - 07:17 AM

Hello chrisjacks. Welcome to Bleeping Computer.

I'm sorry it has taken so long to reply to your post. We get overwhelmed at times but we are trying our best to keep up.
If you have since resolved the original problem you were having we would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your Desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not
    malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <-this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please Copy (Ctrl+C) and Paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet especially if you are asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.


Next
Please do an online scan with Kaspersky WebScanner

Click on Accept Button

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your Desktop.
  • Copy and Paste that information in your next post.
Please do not enclose your reply in a code box as it makes it hard to read. Thank You


White Warrior

#3 chrisjacks

chrisjacks
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  

Posted 01 July 2008 - 05:52 PM

Hi WW,

No worries! I can understand how flat-out you guys must be! Here are the contents of the three text files as requested below...

A couple of notes. I have UltraVNC installed on this computer and noticed that it showed up a few times. I (think) you can ignore that one. Also, I think I know what dodgy file was run that infected my PC in the first place. It was an installer for AutoCad as per the two lines copied from the Kaspersky text file below...
C:\SOFTWARE\== MAPPING\AutoCAD 2009\Autodesk Autocad 2009\Setup.exe Infected: Trojan.Win32.Monder.gen 1
C:\SOFTWARE\== MAPPING\AutoCAD 2009\Autodesk Autocad 2009.rar Infected: Trojan.Win32.Monder.gen 1
I'll have to ask our mapping guy where this one came from!

Anyway, if you could review these text files and let me know what I need to do, that would be great.

Many thanks!

Cheers,

Chris



MAIN.TXT

Deckard's System Scanner v20071014.68
Run by User on 2008-07-01 15:13:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
64: 2008-07-01 05:13:53 UTC - RP367 - Deckard's System Scanner Restore Point
63: 2008-06-30 07:12:28 UTC - RP366 - System Checkpoint
62: 2008-06-26 00:45:16 UTC - RP365 - System Checkpoint
61: 2008-06-24 23:33:18 UTC - RP364 - System Checkpoint
60: 2008-06-23 23:19:38 UTC - RP363 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-04-02 03:28:36 UTC - RP304 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 38.72 GiB (less than 15%) free.


-- HijackThis (run as User.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:16:25 PM, on 1/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AutoMate 5\AutoMate5Svc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Canon\MultiPASS\mpservic.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\NetDrive\wdService.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\AutoMate 5\AM5HkWnd.exe
C:\WINDOWS\system32\hpnra.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Canon\MultiPASS\monitr32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\SOFTWARE\== SECURITY+ANTIVIRUS\Keystroke Logger\User Log (freeware)\UsrLog.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\UltraVNC\vncviewer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\FxRedir.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\User\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\User.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AutoMate5] C:\Program Files\AutoMate 5\AM5HkWnd.exe
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINDOWS\system32\hpnra.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Opware15] "C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe"
O4 - HKLM\..\Run: [OpScheduler] "C:\Program Files\ScanSoft\OmniPage15.0\OpScheduler.exe"
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [UniPrint] C:\PROGRA~1\UniPrint\Client\SetDfltSettings.exe
O4 - HKLM\..\Run: [LandOnline] C:\Program Files\LandOnline Printer Driver\PrintManager.exe
O4 - HKLM\..\Run: [MP_STATUS_MONITOR] "C:\Program Files\Canon\MultiPASS\monitr32.exe" I
O4 - HKLM\..\Run: [WebDriveTray] C:\Program Files\NetDrive\webdrive.exe /trayicon
O4 - HKLM\..\Run: [User Logger] C:\SOFTWARE\== SECURITY+ANTIVIRUS\Keystroke Logger\User Log (freeware)\UsrLog.exe run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcStd7_0_8 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - Startup: Bandwidth Meter.lnk = C:\Program Files\Wizard Software\Bandwidth Meter\BandMeter.exe
O4 - Startup: CUSTOMER HELPDESK.lnk = C:\Program Files\UltraVNC\vncviewer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Movies Extractor Scout LITE - {6E0321C4-E024-4D85-B2D9-2F4AF0E2D33E} - C:\Program Files\Movies Extractor Scout LITE\flashextract.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer...SWebManager.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178166591656
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AutoMate 5 (AutoMate5) - Network Automation, Inc. - C:\Program Files\AutoMate 5\AutoMate5Svc.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MPService - Canon Information Systems - C:\Program Files\Canon\MultiPASS\mpservic.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

--
End of file - 14214 bytes

-- File Associations -----------------------------------------------------------

.scr - AutoCADLTScriptFile - shell\open\command - "C:\WINDOWS\system32\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 GhPciScan (GhostPciScanner) - c:\program files\symantec\norton ghost 2003\ghpciscan.sys <Not Verified; Symantec Corporation; Symantec Ghost PCI Scanner>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 cis1284 - c:\windows\system32\drivers\cis1284.sys <Not Verified; Canon Information Systems; Canon MultiPASS>
R2 WebDriveFSD (WebDrive File System Driver) - c:\program files\netdrive\rffsd.sys
R3 AnyDVD - c:\windows\system32\drivers\anydvd.sys <Not Verified; SlySoft, Inc.; AnyDVD>
R3 SbieDrv - c:\program files\sandboxie\sbiedrv.sys <Not Verified; tzuk; Sandboxie>

S3 gdrv - c:\windows\gdrv.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 AutoMate5 (AutoMate 5) - "c:\program files\automate 5\automate5svc.exe" <Not Verified; Network Automation, Inc.; AutoMate 5>
R2 GhostStartService - c:\program files\symantec\norton ghost 2003\ghoststartservice.exe <Not Verified; Symantec Corporation; Norton Ghost Start Service>
R2 MPService - c:\program files\canon\multipass\mpservic.exe <Not Verified; Canon Information Systems; Canon MultiPASS>
R2 SbieSvc (Sandboxie Service) - c:\program files\sandboxie\sbiesvc.exe <Not Verified; tzuk; Sandboxie>
R2 WebDriveService (WebDrive Service) - c:\program files\netdrive\wdservice.exe
R2 winvnc (VNC Server) - "c:\program files\ultravnc\winvnc.exe" -service <Not Verified; UltraVNC; UltraVNC>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; Microsoft Corporation; Windows Live installer>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2008-06-30 15:26:00 870 --a------ C:\WINDOWS\Tasks\scheduledbackup.job
2008-06-23 07:54:07 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-06-20 11:01:29 512 --a------ C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as User at 9 49 AM.job
2007-11-14 17:02:22 104 --a------ C:\WINDOWS\Tasks\SesamTVMC.job


-- Files created between 2008-06-01 and 2008-07-01 -----------------------------

2008-06-26 14:14:23 888832 --a------ C:\WINDOWS\system32\securenet.dll
2008-06-24 09:20:36 0 d-------- C:\Program Files\MSXML 6.0
2008-06-20 12:45:36 0 d-------- C:\BKPCPMR2
2008-06-19 11:11:48 0 d-------- C:\cmpserverbackup12062008
2008-06-16 14:41:11 0 d-------- C:\Cityscope
2008-06-13 17:52:14 0 d-------- C:\_CIP 2000
2008-06-11 14:38:17 0 d-------- C:\Program Files\AutoCAD LT 2008
2008-06-11 14:38:17 0 d-------- C:\Documents and Settings\User\Application Data\Autodesk
2008-06-11 14:38:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-06-11 14:36:11 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-06-11 14:36:11 0 d-------- C:\Program Files\Autodesk
2008-06-06 16:21:59 0 d-------- C:\BACKUPS-AM
2008-06-05 18:32:45 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-06-05 18:12:36 0 d-------- C:\_cleanup
2008-06-05 17:46:18 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-05 17:46:18 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-05 17:46:18 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-05 17:46:18 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-06-05 17:46:18 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-05 17:46:18 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-05 17:46:18 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-05 17:46:18 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-06-05 17:46:18 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-05 17:46:18 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-06-05 17:46:18 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-05 17:46:18 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-06-05 17:46:18 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-05 17:46:18 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-02 13:00:14 45056 --a------ C:\WINDOWS\system32\WNASPI32.DLL <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-06-02 13:00:14 17005 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-06-02 13:00:14 4672 --a------ C:\WINDOWS\system\WOWPOST.EXE <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-06-02 13:00:14 5600 --a------ C:\WINDOWS\system\WINASPI.DLL <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-06-02 13:00:04 0 d-------- C:\Documents and Settings\User\Application Data\Symantec
2008-06-02 12:59:30 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-02 12:59:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-02 12:59:13 0 d-------- C:\Program Files\Symantec
2008-06-02 12:10:16 0 d-------- C:\_Telstra


-- Find3M Report ---------------------------------------------------------------

2008-07-01 14:24:50 2516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-24 11:12:26 0 d-------- C:\Program Files\UltraVNC
2008-06-23 11:55:05 0 d-------- C:\Program Files\Java
2008-06-11 15:13:36 0 d-------- C:\Program Files\Microsoft GIF Animator
2008-06-11 14:36:11 0 d-------- C:\Program Files\Common Files
2008-06-06 15:17:44 0 d-------- C:\Program Files\AutoMate 5
2008-06-05 19:24:18 0 d-------- C:\Program Files\Skype
2008-06-05 19:24:10 0 d-------- C:\Documents and Settings\User\Application Data\Skype
2008-06-05 19:15:15 136 --a------ C:\Program Files\BMonitor.dll
2008-05-28 13:50:59 0 d-------- C:\Program Files\Google
2008-05-27 08:54:43 0 d-------- C:\Program Files\Wizard Software
2008-05-22 10:13:42 0 d-------- C:\Program Files\Movies Extractor Scout LITE
2008-05-16 16:13:13 0 d-------- C:\Program Files\MING Network Spy
2008-05-15 12:57:51 0 d-------- C:\Program Files\Common Files\Borland Shared
2008-05-15 12:02:17 0 d-------- C:\Program Files\Down2Home
2008-05-09 14:21:59 0 d-------- C:\Program Files\Sandboxie


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [28/11/2005 03:55 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [28/11/2005 03:52 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [28/11/2005 03:55 PM]
"RTHDCPL"="RTHDCPL.EXE" [21/07/2006 06:56 PM C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16/05/2006 08:04 PM C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 08:43 PM C:\WINDOWS\Alcmtr.exe]
"RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [02/11/2004 08:24 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [11/08/2005 04:30 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [11/08/2005 04:30 PM]
"AutoMate5"="C:\Program Files\AutoMate 5\AM5HkWnd.exe" [27/06/2005 03:50 PM]
"HP Network Registry Agent"="C:\WINDOWS\system32\hpnra.exe" [16/10/2004 04:31 AM]
"WinVNC"="C:\Program Files\UltraVNC\WinVNC.exe" [18/06/2006 02:56 PM]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [28/08/2007 04:45 PM]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [09/05/2007 07:17 AM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [30/09/2003 12:14 AM]
"Opware15"="C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe" [06/07/2005 12:58 AM]
"OpScheduler"="C:\Program Files\ScanSoft\OmniPage15.0\OpScheduler.exe" []
"PDF3 Registry Controller"="C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe" [12/04/2005 10:16 AM]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [11/01/2008 06:54 PM]
"@"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 04:40 PM]
"UniPrint"="C:\PROGRA~1\UniPrint\Client\SetDfltSettings.exe" [11/05/2004 11:11 AM]
"LandOnline"="C:\Program Files\LandOnline Printer Driver\PrintManager.exe" [09/03/2006 12:43 PM]
"MP_STATUS_MONITOR"="C:\Program Files\Canon\MultiPASS\monitr32.exe" [11/10/2001 12:46 PM]
"WebDriveTray"="C:\Program Files\NetDrive\webdrive.exe" []
"User Logger"="C:\SOFTWARE\== SECURITY+ANTIVIRUS\Keystroke Logger\User Log (freeware)\UsrLog.exe" [26/04/2003 12:14 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [28/03/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 10:34 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 10:00 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [14/10/2004 02:24 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [09/10/2006 11:28 AM]
"SandboxieControl"="C:\Program Files\Sandboxie\SbieCtrl.exe" [27/04/2008 11:22 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12


-- End of Deckard's System Scanner: finished at 2008-07-01 15:18:06 ------------




EXTRA.TXT

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® D CPU 2.80GHz
CPU 1: Intel® Pentium® D CPU 2.80GHz
Percentage of Memory in Use: 63%
Physical Memory (total/avail): 1015.48 MiB / 373.74 MiB
Pagefile Memory (total/avail): 2441.94 MiB / 1919.21 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.06 MiB

C: is Fixed (NTFS) - 298.08 GiB total, 38.72 GiB free.
D: is CDROM (UDF)
H: is Network (NTFS)
K: is Network (NTFS)
P: is Network (NTFS)
V: is Network (NTFS)
Z: is Network (NTFS)

\\.\PHYSICALDRIVE0 - ST3320620AS - 298.09 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 298.08 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: CA Anti-Virus v8.4.0.24 (CA, Inc.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Electric Rain\\Swift 3D\\Version 4.50\\Program\\Swift3D.exe"="C:\\Program Files\\Electric Rain\\Swift 3D\\Version 4.50\\Program\\Swift3D.exe:*:Enabled:Swift 3D"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\UltraVNC\\winvnc.exe"="C:\\Program Files\\UltraVNC\\winvnc.exe:*:Enabled:VNC server for Win32"
"C:\\Program Files\\MyWANiP\\MyWanIP.exe"="C:\\Program Files\\MyWANiP\\MyWanIP.exe:*:Enabled:MyWanIP"
"C:\\Program Files\\AutoMate 5\\TaskEdit.exe"="C:\\Program Files\\AutoMate 5\\TaskEdit.exe:*:Enabled:AutoMate 5 Task Builder"
"C:\\Program Files\\AutoMate 5\\SpawnTask.exe"="C:\\Program Files\\AutoMate 5\\SpawnTask.exe:*:Enabled:AutoMate 5 Task Process"
"C:\\Program Files\\AutoMate 5\\AMTA.exe"="C:\\Program Files\\AutoMate 5\\AMTA.exe:*:Enabled:AMTA.exe"
"C:\\Program Files\\UltraVNC\\vncviewer.exe"="C:\\Program Files\\UltraVNC\\vncviewer.exe:*:Enabled:VNCViewer"
"C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Enabled:File Transfer Program"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\ZipGenius 6\\ftpg.exe"="C:\\Program Files\\ZipGenius 6\\ftpg.exe:*:Enabled:FTPGenius XP"
"C:\\Program Files\\Robo-FTP\\Robo-FTP.exe"="C:\\Program Files\\Robo-FTP\\Robo-FTP.exe:*:Enabled:Robo-FTP® Script-Driven FTP Client"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\\Program Files\\Advantig\\OneClick\\repeater.exe"="C:\\Program Files\\Advantig\\OneClick\\repeater.exe:*:Enabled:Advantig OneClick Repeater"
"C:\\Program Files\\Advantig\\OneClick\\vncviewer.exe"="C:\\Program Files\\Advantig\\OneClick\\vncviewer.exe:*:Enabled:Advantig OneClick Viewer"
"C:\\Program Files\\GlobalSCAPE\\CuteFTP 7 Professional\\ftpte.exe"="C:\\Program Files\\GlobalSCAPE\\CuteFTP 7 Professional\\ftpte.exe:*:Enabled:FTP Transfer Engine"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\User\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CHRIS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\User
LOGONSERVER=\\CHRIS
LOGSCRIPT=C:\Program Files\UniPrint\Log Files
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ZipGenius 6\;C:\Program Files\QuickTime\QTSystem\;"C:\Program Files\Symantec\Norton Ghost 2003\"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0604
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\User\LOCALS~1\Temp
TMP=C:\DOCUME~1\User\LOCALS~1\Temp
USERDOMAIN=CHRIS
USERNAME=User
USERPROFILE=C:\Documents and Settings\User
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

User (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
AccessDiver v4.401 --> "C:\Program Files\Accessdiver\unins000.exe"
Adobe Acrobat 8.1.2 Professional --> msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Illustrator CS2 --> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ASUSDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
AutoCAD LT 2008 - English --> C:\Program Files\AutoCAD LT 2008\Setup\Setup.exe /P {5783F2D7-6009-0409-0002-0060B0CE6BBA} /M ACADLT
Autodesk DWF Viewer 7 --> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
AutoMate 5 --> MsiExec.exe /X{21FEE823-3027-4B83-B499-7E525B05A94B}
BitComet 0.70 --> C:\Program Files\BitComet\uninst.exe
CA Anti-Spyware --> "C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u /product=pp
CA Anti-Virus --> "C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u /product=av
Canon MultiPASS ODBC Interface --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\MultiPASS\MpODBC\Uninst.isu" -c"C:\Program Files\Canon\MultiPASS\MpODBC\_UNODBC.DLL"
Canon MultiPASS Suite 3.21 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\MultiPASS\Uninst.isu" -c"C:\WINDOWS\system32\uninstsr.dll
Canon ScanGear 4.0 for MultiPASS --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Canon\ScanGear\DeIsL1.isu"
CDSCOPE2000 - Cityscope Database --> C:\PROGRA~1\CITYSC~1\CDSCOP~1\UNWISE.EXE C:\PROGRA~1\CITYSC~1\CDSCOP~1\INSTALL.LOG
CDSCOPE2000 Data Update --> C:\PROGRA~1\CITYSC~1\CDSCOP~1\UNWISE.EXE C:\PROGRA~1\CITYSC~1\CDSCOP~1\install.log
CDSCOPE2000 New Subscription --> C:\PROGRA~1\CITYSC~1\CDSCOP~1\UNWISE.EXE C:\PROGRA~1\CITYSC~1\CDSCOP~1\install.log
CDSCOPE2000 Patch --> C:\PROGRA~1\CITYSC~1\CDSCOP~1\UNWISE.EXE C:\PROGRA~1\CITYSC~1\CDSCOP~1\install.log
Citrix Program Neighborhood --> C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\Citrix\ICACLI~1\Uninst.isu -cC:\PROGRA~1\Citrix\ICACLI~1\uninstpn.dll
CorelDRAW Graphics Suite X3 --> MsiExec.exe /I{63218538-4A69-497F-8455-904261B0E9E4}
CuteFTP 7 Professional --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1CCBCF78-EF12-4137-B3CA-99F30A2E7D21}\Setup.exe" -l0x9
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
EN --> MsiExec.exe /I{32A72502-BC2C-4C39-ACEA-BC3D463F0697}
FontNav --> MsiExec.exe /I{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Hackman Suite --> "C:\Program Files\TechnoLogismiki\Hackman\Uninstall.exe" "C:\Program Files\TechnoLogismiki\Hackman\install.log" -u
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp color LaserJet 4600 Uninstaller --> C:\Program Files\Hewlett-Packard\CLJ4600\Uninstall\unhp.exe ciuninst.ini
Imaging for Windows® 2.8 --> "C:\Program Files\Imaging\ipuninst.exe" -y -f"C:\Program Files\Imaging\IPuninst.isu"
Instant Demo by NetPlay Software --> "C:\Program Files\InstantDemo\InstantDemo.exe" -uninstall
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java 2 Runtime Environment, SE v1.4.2_05 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LandOnline Client Components --> C:\PROGRA~1\LANDON~1\UNWISE.EXE C:\PROGRA~1\LANDON~1\INSTALL.LOG
Landonline Digital Signing - Client Side --> C:\PROGRA~1\Citrix\ICACLI~1\PROGRA~1\LINZ\UNWISE.EXE C:\PROGRA~1\Citrix\ICACLI~1\PROGRA~1\LINZ\INSTALL.LOG
LandOnline Printer Driver --> MsiExec.exe /I{05B7920B-6F0D-4A0C-8B31-5C883D082B7B}
LiveImage 1.29d --> C:\PROGRA~1\LIVEIM~1\UNWISE.EXE C:\PROGRA~1\LIVEIM~1\INSTALL.LOG
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Mach5 Mailer 4 --> C:\PROGRA~1\MACH5M~1\UNWISE.EXE C:\PROGRA~1\MACH5M~1\INSTALL.LOG
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Magic ISO Maker v5.4 (build 0239) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MediaPortal 0.2.3.0 RC3 --> C:\Program Files\Team MediaPortal\MediaPortal\uninstall.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft GIF Animator --> C:\Program Files\Microsoft GIF Animator\setup\GifACME.exe
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MOV Converter 1.01 --> "C:\Program Files\Boilsoft MOV Converter\unins000.exe"
Movies Extractor Scout LITE --> "C:\Program Files\Movies Extractor Scout LITE\unins000.exe"
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MyWANiP 2.0 --> C:\WINDOWS\iun6002.exe "C:\Program Files\MyWANiP\irunin.ini"
Nero 7 Premium --> MsiExec.exe /I{F14B8ECC-BDA0-4987-9201-D7B7DBE11033}
NetDrive --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NetDrive\Uninst.isu" -c"C:\Program Files\NetDrive\uninstall.dll"
Norton Ghost --> MsiExec.exe /I{BBAAACFA-B012-4367-ADDA-4DDCDFD48F96}
NTI Backup NOW! Deluxe --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NewTech Infosystems\NTI Backup NOW!\Uninst.isu"
OneClick --> "C:\Program Files\Advantig\OneClick\unins000.exe"
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
PrimoPDF --> "C:\WINDOWS\PrimoPDF\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstall.xml"
PrimoPDF --> "C:\WINDOWS\PrimoPDF\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstall.xml"
PrimoPDF Redistribution Package --> MsiExec.exe /I{885744A4-1A01-44B0-858A-0AE6738CBCF7}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
REALTEK GbE & FE Ethernet PCI-E NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE" -l0x9 -removeonly
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9 -removeonly
Robo-FTP --> MsiExec.exe /I{CBBC145E-A157-46B2-9E67-19AF5D0A4DF7}
Robo-FTP Server --> MsiExec.exe /I{0D8F8D93-BE88-4338-A6C1-62BAE7C3E5E9}
RP Data VPN Client 5.0.00.0340 --> MsiExec.exe /X{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}
Safari --> MsiExec.exe /I{F0E8F94D-6E68-4B35-92DF-3AA6DC6A6768}
Sandboxie 3.26 --> "C:\WINDOWS\Installer\SandboxieInstall.exe" /remove
ScanSoft OmniPage 15.0 --> MsiExec.exe /I{0B7DDCD3-D6D8-4366-A6D8-9B6495A2925E}
ScanSoft PDF Converter 3.0 --> MsiExec.exe /I{602A205F-8D02-48EE-8782-262B2103B984}
ScanSoft PDF Create 3.0 --> MsiExec.exe /I{AD1D8B40-F83C-41CA-BA08-9DB8D1653316}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Snapshot Viewer --> C:\Program Files\Snapshot Viewer\Setup\Setup.exe /T snap90.stf
Sothink SWF Decompiler --> "C:\Program Files\SourceTec\Sothink SWF Decompiler\unins000.exe"
Super Winspy v3.20 --> "C:\Program Files\Winspy\unins000.exe"
Swift 3D v4.50 --> MsiExec.exe /I{006DEADE-E12E-4DA0-AB65-134F0DE9AF9A}
TopLeaf --> C:\WINDOWS\IsUninst.exe -fC:\TopLeaf\Uninst.isu
UltraVNC v1.0.2 --> "C:\Program Files\UltraVNC\unins000.exe"
UniPrint Client 3.5.1 --> C:\PROGRA~1\UniPrint\Client\UNWISE.EXE C:\PROGRA~1\UniPrint\Client\INSTALL.LOG
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
Update Manager --> MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
VBA --> MsiExec.exe /I{C94E45B0-6AA6-4FB9-9AAE-22085F631880}
VideoEgg Publisher --> C:\Documents and Settings\User\Application Data\VideoEgg\Uninstall.exe
Viewer V7 --> C:\Program Files\View7\UNINST7.EXE
WinAVI Video Converter --> "C:\Program Files\WinAVI Video Converter\unins000.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinSCP 4.0.4 --> "C:\Program Files\WinSCP\unins000.exe"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
ZipGenius 6 (6.0.3.1140) --> "C:\Program Files\ZipGenius 6\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type13223 / Error
Event Submitted/Written: 07/01/2008 11:03:51 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application vncviewer.exe, version 1.1.0.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type13220 / Success
Event Submitted/Written: 07/01/2008 08:56:20 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type13219 / Warning
Event Submitted/Written: 07/01/2008 08:40:59 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{90120000-0011-0000-0000-0000000FF1CE}', feature 'OUTLOOKFiles' failed during request for component '{0638C49D-BB8B-4CD1-B191-055E8F325736}'

Event Record #/Type13218 / Warning
Event Submitted/Written: 07/01/2008 08:40:59 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{90120000-0011-0000-0000-0000000FF1CE}', feature 'OUTLOOKFiles', component '{FD7878D4-39CC-4BE5-91F6-330ED22AC5FD}' failed. The resource 'HKEY_CLASSES_ROOT\.pst\' does not exist.

Event Record #/Type13191 / Warning
Event Submitted/Written: 06/30/2008 08:37:34 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{90120000-0011-0000-0000-0000000FF1CE}', feature 'OUTLOOKFiles' failed during request for component '{0638C49D-BB8B-4CD1-B191-055E8F325736}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type19963 / Warning
Event Submitted/Written: 06/27/2008 07:22:40 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type19962 / Warning
Event Submitted/Written: 06/27/2008 00:07:46 AM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\MELYNDA on the network \Device\NetBT_Tcpip_{80456B6E-46E9-4003-A5ED-16F5AEC56BB3}.
The data is the error code.

Event Record #/Type19926 / Error
Event Submitted/Written: 06/26/2008 03:44:37 PM
Event ID/Source: 10016 / DCOM
Event Description:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{EF3311EB-539B-4254-B669-6532457D7060}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

Event Record #/Type19925 / Error
Event Submitted/Written: 06/26/2008 03:44:37 PM
Event ID/Source: 10016 / DCOM
Event Description:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{EF3311EB-539B-4254-B669-6532457D7060}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

Event Record #/Type19924 / Error
Event Submitted/Written: 06/26/2008 03:25:07 PM
Event ID/Source: 10016 / DCOM
Event Description:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{EF3311EB-539B-4254-B669-6532457D7060}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.



-- End of Deckard's System Scanner: finished at 2008-07-01 15:18:06 ------------






KASPERSKY SCAN

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, July 2, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, July 01, 2008 04:33:03
Records in database: 901225
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
H:\
K:\
P:\
V:\
Z:\

Scan statistics:
Files scanned: 524876
Threat name: 29
Infected objects: 74
Suspicious objects: 0
Duration of the scan: 08:09:36


File name / Threat name / Threats count
C:\Program Files\UltraVNC\WinVNC.exe/C:\Program Files\UltraVNC\WinVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 1
UsrLog.exe\UsrLog.exe/UsrLog.exe\UsrLog.exe Infected: not-a-virus:Monitor.Win32.UserLogger.29 1
C:\SOFTWARE\== SECURITY+ANTIVIRUS\Keystroke Logger\User Log (freeware)\UsrLog.exe/C:\SOFTWARE\== SECURITY+ANTIVIRUS\Keystroke Logger\User Log (freeware)\UsrLog.exe Infected: not-a-virus:Monitor.Win32.UserLogger.29 1
C:\Program Files\UltraVNC\vncviewer.exe/C:\Program Files\UltraVNC\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 1
C:\== Cityscope ==\Cityscope Web Site - AU\downloads\rpremotehelp.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1
C:\== Cityscope ==\Cityscope Web Site - AU\inhouse\UltraVNC-102-Setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 2
C:\== Cityscope ==\Cityscope Web Site - AU\inhouse\UltraVNC-102-Setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 1
C:\Chris\miscellaneous\426Mb Hard Drive\keykey.zip Infected: not-a-virus:Monitor.Win32.KeyKey.121 1
C:\Chris\miscellaneous\426Mb Hard Drive\keykey.zip Infected: not-a-virus:Monitor.Win32.KeyKey.112 2
C:\Chris\miscellaneous\426Mb Hard Drive\Phantom2\phantom2.exe Infected: not-a-virus:Monitor.Win32.Phantom2.10 1
C:\Chris\miscellaneous\SolarSystemscreensaverinstaller3.exe Infected: not-a-virus:AdWare.Win32.Comet.bl 1
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-58cd2d08-28678072.zip Infected: Trojan.Java.ClassLoader.ao 3
C:\Documents and Settings\User\Desktop\Desktop Icons\artbox-remote-help.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1
C:\Documents and Settings\User\Desktop\Desktop Icons\rpremotehelp.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Outlook\outlook.ost Infected: Trojan-Downloader.Win32.Small.gvy 1
C:\NICKY\Program Files\UltraVNC\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 1
C:\NICKY\Program Files\UltraVNC\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 1
C:\NICKY\Program Files\UltraVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 1
C:\Program Files\Accessdiver\ad4.401.exe Infected: not-a-virus:NetTool.Win32.AccessDiver.4401 1
C:\Program Files\UltraVNC\cityscopevncconnections.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 1
C:\Program Files\UltraVNC\pre-OneClick backup\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 1
C:\Program Files\UltraVNC\pre-OneClick backup\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 1
C:\Program Files\UltraVNC\vncconnections-james-cpmr2.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 1
C:\Program Files\UltraVNC\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 1
C:\Program Files\UltraVNC\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 1
C:\Program Files\UltraVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 1
C:\SOFTWARE\== MAPPING\AutoCAD 2009\Autodesk Autocad 2009\Setup.exe Infected: Trojan.Win32.Monder.gen 1
C:\SOFTWARE\== MAPPING\AutoCAD 2009\Autodesk Autocad 2009.rar Infected: Trojan.Win32.Monder.gen 1
C:\SOFTWARE\== MISC\Access Diver\access-diver.zip Infected: not-a-virus:NetTool.Win32.AccessDiver.4401 1
C:\SOFTWARE\== MISC\Access Diver\ad4.401.installer.exe Infected: not-a-virus:NetTool.Win32.AccessDiver.4401 1
C:\SOFTWARE\== MISC\ophcrack\ophcrack-win32-installer-2.4.1.exe Infected: not-a-virus:PSWTool.Win32.PWDump.2 1
C:\SOFTWARE\== MISC\ophcrack\ophcrack-win32-installer-2.4.1.exe Infected: not-a-virus:PSWTool.Win32.PWDump.s 1
C:\SOFTWARE\== MISC\ophcrack\ophcrack-win32-installer-2.4.1.exe Infected: not-a-virus:PSWTool.Win32.PWDump.d 2
C:\SOFTWARE\== MISC\Windows Keyfinder\keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.g 1
C:\SOFTWARE\== MISC\Windows Keyfinder\keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a 1
C:\SOFTWARE\== MISC\Windows Keyfinder\kf151.zip Infected: not-a-virus:PSWTool.Win32.RAS.g 1
C:\SOFTWARE\== MISC\Windows Keyfinder\kf151.zip Infected: not-a-virus:PSWTool.Win32.RAS.a 1
C:\SOFTWARE\== NETWORKING\VNC\tightvnc-1.2.9-setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1
C:\SOFTWARE\== NETWORKING\VNC\tightvnc-1.2.9-setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 1
C:\SOFTWARE\== NETWORKING\VNC\ultraVNC\pre-one-click SC (Single Click)\old\rpremotehelp.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1
C:\SOFTWARE\== NETWORKING\VNC\ultraVNC\pre-one-click SC (Single Click)\rpremotehelp.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1
C:\SOFTWARE\== NETWORKING\VNC\ultraVNC\SC (Single Click)\old\rpremotehelp.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1
C:\SOFTWARE\== NETWORKING\VNC\ultraVNC\SC (Single Click)\rpremotehelp.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1
C:\SOFTWARE\== NETWORKING\VNC\ultraVNC\UltraVNC-100-RC18-Setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 1
C:\SOFTWARE\== NETWORKING\VNC\ultraVNC\UltraVNC-100-RC18-Setup.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 1
C:\SOFTWARE\== NETWORKING\VNC\ultraVNC\UltraVNC-101-Setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e 2
C:\SOFTWARE\== NETWORKING\VNC\ultraVNC\UltraVnc-101-Setup.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e 2
C:\SOFTWARE\== NETWORKING\VNC\ultraVNC\UltraVNC-102-Setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 2
C:\SOFTWARE\== NETWORKING\VNC\ultraVNC\UltraVNC-102-Setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 1
C:\SOFTWARE\== SECURITY+ANTIVIRUS\HijackThis\backups\backup-20060629-114013-395.dll Infected: Trojan-Downloader.Win32.Zlob.wd 1
C:\SOFTWARE\== SECURITY+ANTIVIRUS\IMlock\IMLESetup.exe Infected: Trojan-Spy.Win32.ProAgent.21 2
C:\SOFTWARE\== SECURITY+ANTIVIRUS\Keystroke Logger\free_kgb_setup_451.exe Infected: not-a-virus:Monitor.Win32.KGBSpy.at 1
C:\SOFTWARE\== SECURITY+ANTIVIRUS\Keystroke Logger\free_kgb_setup_451.exe Infected: not-a-virus:Monitor.Win32.KGBSpy.g 1
C:\SOFTWARE\== SECURITY+ANTIVIRUS\Keystroke Logger\free_kgb_setup_451.exe Infected: not-a-virus:Monitor.Win32.KGBSpy.m 1
C:\SOFTWARE\== SECURITY+ANTIVIRUS\Keystroke Logger\i_bpk_lite.exe Infected: not-a-virus:Monitor.Win32.Perflogger.dv 1
C:\SOFTWARE\== SECURITY+ANTIVIRUS\Keystroke Logger\i_bpk_lite.exe Infected: not-a-virus:Monitor.Win32.Perflogger.a 2
C:\SOFTWARE\== SECURITY+ANTIVIRUS\Keystroke Logger\kgb_setup_451.exe Infected: Backdoor.Win32.Rbot.gze 1
C:\SOFTWARE\== SECURITY+ANTIVIRUS\Keystroke Logger\kgb_setup_451.exe Infected: not-a-virus:Monitor.Win32.KGBSpy.m 1
C:\SOFTWARE\== SECURITY+ANTIVIRUS\Keystroke Logger\smart-keystroke-recorder-setup.exe Infected: not-a-virus:Monitor.Win32.SKRecorder.a 2
C:\SOFTWARE\== SECURITY+ANTIVIRUS\Keystroke Logger\User Log (freeware)\UsrLog.exe Infected: not-a-virus:Monitor.Win32.UserLogger.29 1
C:\SOFTWARE\== SECURITY+ANTIVIRUS\Keystroke Logger\User Log (freeware)\usrlog.zip Infected: not-a-virus:Monitor.Win32.UserLogger.29 1
C:\Temp\oldtemp\catfud\UltraVnc-101-Setup.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e 2

The selected area was scanned.
I'd rather be skydiving...

#4 Guest_White Warrior_*

Guest_White Warrior_*

  • Guests
  • OFFLINE
  •  

Posted 03 July 2008 - 05:41 AM

Hello chrisjacks.

This program is legitimate:
C:\SOFTWARE\== MAPPING\AutoCAD 2009

Also, autocad script files open with Notepad.
If you do not want them to open with Notepad, please complete the following step.

Make sure DSS.exe is on your Desktop
Next press Start->Run,
Copy/Paste the following command into the box and press OK:

"%userprofile%\desktop\dss.exe" /daft

Press OK to the disclaimer(s) and then press Scan
Place checkmarks in all the boxes that appear and press Fix
Then close Deckard's System Scanner

Next:
This entry is a crack/keygen.
C:\SOFTWARE\== MISC\ophcrack\ophcrack-win32-installer-2.4.1.exe Infected: not-a-virus:PSWTool.Win32.PWDump.s 1

Crack, keygen and pirate sites are places some folks go to look for keys and workarounds to illegally use products rather than buy them. In many cases, these sites are infested with a smörgåsbord of malware and an increasing source of system infection. They can lead to other sites containing more malware which you can inadvertently download without knowledge or consent. In some instances an infection may cause so much damage to your system that it cannot be successfully cleaned or repaired. In those cases, recovery is not possible and the only option is to reformat/reinstall the OS.

Please download Malwarebytes' Anti-Malware to your Desktop
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a location you will remember.
  • Copy and Paste that log into your next reply along with a new DSS report.
    And please let me know how the computer is performing now.

White Warrior

#5 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston Mass
  • Local time:04:48 AM

Posted 11 July 2008 - 09:26 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users