Pop Up In System Tray Says Auto Updates Off....hjt Log


This topic is locked
4 replies to this topic

#1 bizarrechaos


Posted 05 June 2008 - 08:07 PM

It started with the red shield in the system tray saying that my auto updates were off, so I went into Control Panel to turn them on; it wouldn't turn on. I scanned with eTrust PestPatrol and it found Darksma; I scanned with Spybot and it found Virtumonde. I scanned with both again in Safe Mode and removed them. I restarted into Normal mode and the shield is still there, and when I try to update Windows a fake popup comes up for a system checker or some crap. Firefox will only load pages in Safe Mode. I'm not a noob, but I could use a little help if it's not too much to ask; that's why I came here to the experts.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:49:07, on 6/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe
C:\Program Files\RK_Launcher_04_Beta\RKLauncher.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [9cc1dd92] rundll32.exe "C:\WINDOWS\system32\cmcswgyu.dll",b
O4 - HKLM\..\Run: [BM9ff2ee0e] Rundll32.exe "C:\WINDOWS\system32\bkbjfbhd.dll",s
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: Pidgin.lnk = C:\Program Files\Pidgin\pidgin.exe
O4 - Startup: RKLauncher.lnk = C:\Program Files\RK_Launcher_04_Beta\RKLauncher.exe
O4 - Global Startup: Belkin Wireless Utility.lnk = C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{39D586B7-397A-4F0B-89A3-55B9D27D41AB}: NameServer = 24.25.5.150,192.168.2.1
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 4838 bytes
-----------
-----------
I'm new to the forum; I should have put Virtumonde in the title. Sorry guys.

Edit: I found some interesting things when using Autoruns under IE:
3 .dll
{BD3C6F7C-6C8D-48F6-AC52-5E4071AEB257} c:\windows\system32\yayxqigy.dll
{c25c006b-be25-417c-82d6-dda17183dcc4} c:\windows\system32\kbpxaqdf.dll
{F2018A93-D9B5-4117-BBA0-81E10CB98B2C} c:\windows\system32\awtstunl.dll

Merged posts. ~ OB

Edited by Orange Blossom, 05 June 2008 - 09:48 PM.


#2 bizarrechaos


Posted 05 June 2008 - 11:11 PM

I ran ComboFix; it seemed to work. Here is the log:
ComboFix 08-06-05.3 - Brandon Carter 2008-06-05 23:28:15.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.795 [GMT -4:00]
Running from: C:\Documents and Settings\Brandon Carter\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM9ff2ee0e.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\anadsyar.ini
C:\WINDOWS\system32\awtstUnl.dll
C:\WINDOWS\system32\lnUtstwa.ini
C:\WINDOWS\system32\lnUtstwa.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\uygwscmc.ini
C:\WINDOWS\system32\yayXQiGY.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2008-05-06 to 2008-06-06 )))))))))))))))))))))))))))))))
.

2008-06-05 23:15 . 2008-06-05 23:15 <DIR> d-------- C:\Deckard
2008-06-05 19:48 . 2008-06-05 19:48 <DIR> d-------- C:\VundoFix Backups
2008-06-05 18:13 . 2008-06-05 18:13 <DIR> d-------- C:\!KillBox
2008-06-05 17:58 . 2008-06-05 17:58 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-05 16:04 . 2008-06-05 16:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-05 06:52 . 2008-06-05 06:52 116,736 --a------ C:\WINDOWS\system32\cmcswgyu.dll
2008-06-05 06:46 . 2008-06-05 06:46 132,608 --a------ C:\WINDOWS\system32\kbpxaqdf.dll
2008-06-05 06:43 . 2008-06-05 06:43 126,976 --a------ C:\WINDOWS\system32\bkbjfbhd.dll
2008-06-04 17:20 . 2008-03-21 13:57 14,640 --a------ C:\WINDOWS\system32\spmsgXP_2k3.dll
2008-06-04 17:20 . 2008-06-04 17:20 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-06-04 17:20 . 2008-06-04 17:20 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2008-05-16 20:26 . 2008-05-16 20:27 <DIR> d-------- C:\Program Files\Pocket Tanks Deluxe
2008-05-15 23:57 . 2008-05-15 23:57 <DIR> d-------- C:\Program Files\Super Fast Shutdown
2008-05-15 01:11 . 2008-05-15 01:12 <DIR> d-------- C:\Documents and Settings\Brandon Carter\dwhelper
2008-05-08 14:57 . 2008-05-08 14:57 28,672 --a------ C:\WINDOWS\gscr.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 03:32 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-06 00:45 --------- d-----w C:\Documents and Settings\Brandon Carter\Application Data\.purple
2008-06-05 21:45 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-06-04 22:33 --------- d-----w C:\Documents and Settings\Brandon Carter\Application Data\Azureus
2008-06-04 22:21 --------- d-----w C:\Program Files\Magic Video Converter
2008-06-03 20:09 --------- d-----w C:\Documents and Settings\Brandon Carter\Application Data\OpenOffice.org2
2008-05-31 02:02 --------- d-----w C:\Documents and Settings\Brandon Carter\Application Data\gtk-2.0
2008-04-29 20:11 --------- d-----w C:\Program Files\FrostWire
2008-04-26 04:41 --------- d-----w C:\Documents and Settings\Brandon Carter\Application Data\Ashampoo
2008-04-26 04:40 --------- d-----w C:\Program Files\Ashampoo
2008-04-26 04:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\ashampoo
2008-04-26 03:54 --------- d-----w C:\Documents and Settings\Brandon Carter\Application Data\FrostWire
2008-04-14 01:49 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-14 01:48 --------- d-----w C:\Program Files\Symantec
2008-04-14 01:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-14 00:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-14 00:40 --------- d-----w C:\Program Files\Sling Media
2008-04-14 00:38 --------- d-----w C:\Program Files\Winamp
2008-04-14 00:38 --------- d-----w C:\Documents and Settings\Brandon Carter\Application Data\Winamp
2008-02-18 21:20 87,608 ----a-w C:\Documents and Settings\Brandon Carter\Application Data\inst.exe
2008-02-18 21:20 47,360 ----a-w C:\Documents and Settings\Brandon Carter\Application Data\pcouffin.sys
.

------- Sigcheck -------

2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-04 06:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 07:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-01-24 18:19 360064 8283a4d489b207991efdc8328733d0bc C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-01-24 18:19 360064 8283a4d489b207991efdc8328733d0bc C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c25c006b-be25-417c-82d6-dda17183dcc4}]
2008-06-05 06:46 132608 --a------ C:\WINDOWS\system32\kbpxaqdf.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eTrustPPAP"="C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe" [2007-02-08 21:49 131072]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 06:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2005-04-12 11:27 45056]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 15:21 57344]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 17:14 53408]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-06-15 01:40 124656]
"9cc1dd92"="C:\WINDOWS\system32\cmcswgyu.dll" [2008-06-05 06:52 116736]
"BM9ff2ee0e"="C:\WINDOWS\system32\bkbjfbhd.dll" [2008-06-05 06:43 126976]

C:\Documents and Settings\Brandon Carter\Start Menu\Programs\Startup\
Pidgin.lnk - C:\Program Files\Pidgin\pidgin.exe [2007-12-07 14:53:28 44658]
RKLauncher.lnk - C:\Program Files\RK_Launcher_04_Beta\RKLauncher.exe [2008-01-24 19:27:11 368640]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Utility.lnk - C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe [2005-08-18 18:09:58 1388544]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Azureus\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R3 BLKWGD;Belkin Wireless G Desktop Card Service;C:\WINDOWS\system32\DRIVERS\BLKWGD.sys [2005-06-01 23:37]
R3 wlanndi5;wlanndi5 NDIS Protocol Driver;C:\WINDOWS\system32\wlanndi5.SYS [2004-04-21 18:51]
S2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys []

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 23:32:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\cmcswgyu.dll
-> C:\WINDOWS\system32\bkbjfbhd.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
.
**************************************************************************
.
Completion time: 2008-06-05 23:35:33 - machine was rebooted [Brandon Carter]
ComboFix-quarantined-files.txt 2008-06-06 03:35:27

Pre-Run: 73,219,293,184 bytes free
Post-Run: 73,161,609,216 bytes free

147 --- E O F --- 2008-05-16 07:01:24

IE and Firefox don't fully work in normal mode, just in Safe Mode with Networking. If anyone has any ideas, let me know; I'll upload a full DSS tomorrow.

#3 bizarrechaos


Posted 06 June 2008 - 04:29 PM

Here is a fresh DSS:

Deckard's System Scanner v20071014.68
Run by Brandon Carter on 2008-06-06 17:15:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
52: 2008-06-06 21:16:01 UTC - RP146 - Deckard's System Scanner Restore Point
51: 2008-06-04 22:40:24 UTC - RP145 - Last known good configuration
50: 2008-06-04 22:40:20 UTC - RP144 - Installed Zune 2.0
49: 2008-06-04 22:40:20 UTC - RP143 - System Checkpoint
48: 2008-06-04 22:40:20 UTC - RP142 - System Checkpoint


-- First Restore Point --
1: 2008-06-04 22:40:13 UTC - RP95 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Brandon Carter.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16, on 2008-06-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe
C:\Program Files\RK_Launcher_04_Beta\RKLauncher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Brandon Carter\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Brandon Carter.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {4ccd3817-1add-6d28-c714-52ebb600c52c} - {c25c006b-be25-417c-82d6-dda17183dcc4} - C:\WINDOWS\system32\kbpxaqdf.dll
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [9cc1dd92] rundll32.exe "C:\WINDOWS\system32\cmcswgyu.dll",b
O4 - HKLM\..\Run: [BM9ff2ee0e] Rundll32.exe "C:\WINDOWS\system32\bkbjfbhd.dll",s
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: Pidgin.lnk = C:\Program Files\Pidgin\pidgin.exe
O4 - Startup: RKLauncher.lnk = C:\Program Files\RK_Launcher_04_Beta\RKLauncher.exe
O4 - Global Startup: Belkin Wireless Utility.lnk = C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1212725012562
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 5649 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080605-174244-734 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
backup-20080605-174244-903 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 VClone - c:\windows\system32\drivers\vclone.sys <Not Verified; Elaborate Bytes AG; Virtual CloneDrive>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 wlanndi5 (wlanndi5 NDIS Protocol Driver) - c:\windows\system32\wlanndi5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
S2 zumbus (Zune Bus Enumerator Driver) - c:\windows\system32\drivers\zumbus.sys (file missing)
S3 catchme - c:\combofix\catchme.sys (file missing)
S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>
S3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>
S3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
S3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
S3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
S3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver>
S3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Microsoft® Windows NT® Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ACS (Atheros Configuration Service) - c:\windows\system32\acs.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_8086&DEV_2582&SUBSYS_01C41028&REV_04\3&172E68DD&0&10
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_8086&DEV_2582&SUBSYS_01C41028&REV_04\3&172E68DD&0&10
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200F14F1&REV_00\4&10BD256C&0&10F0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200F14F1&REV_00\4&10BD256C&0&10F0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_8086&DEV_1064&SUBSYS_01C41028&REV_04\4&10BD256C&0&40F0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_8086&DEV_1064&SUBSYS_01C41028&REV_04\4&10BD256C&0&40F0
Service:


-- Files created between 2008-05-06 and 2008-06-06 -----------------------------

2008-06-05 23:27:13 68096 --a------ C:\WINDOWS\zip.exe
2008-06-05 23:27:13 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-05 23:27:13 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-05 23:27:13 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-05 23:27:13 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-05 23:27:13 98816 --a------ C:\WINDOWS\sed.exe
2008-06-05 23:27:13 80412 --a------ C:\WINDOWS\grep.exe
2008-06-05 23:27:13 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-05 23:23:07 0 dr-hs---- C:\cmdcons
2008-06-05 23:23:05 0 d-------- C:\WINDOWS\setup.pss
2008-06-05 23:22:52 0 d-------- C:\WINDOWS\setupupd
2008-06-05 18:13:57 0 d-------- C:\!KillBox
2008-06-05 17:58:53 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-05 17:58:53 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-06-05 17:58:53 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-05 17:58:53 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-05 17:58:53 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-06-05 17:58:53 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-05 17:58:53 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-06-05 17:58:53 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-05 17:58:53 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-06-05 17:58:53 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-05 17:58:53 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-05 17:58:52 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-05 17:58:52 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-05 17:58:52 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-05 16:04:33 0 d-------- C:\Program Files\Trend Micro
2008-06-05 06:52:05 116736 --a------ C:\WINDOWS\system32\cmcswgyu.dll
2008-06-05 06:46:05 132608 --a------ C:\WINDOWS\system32\kbpxaqdf.dll
2008-06-05 06:43:06 126976 --a------ C:\WINDOWS\system32\bkbjfbhd.dll
2008-06-04 17:20:07 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-05-16 20:26:12 0 d-------- C:\Program Files\Pocket Tanks Deluxe
2008-05-15 23:57:52 0 d-------- C:\Program Files\Super Fast Shutdown
2008-05-15 01:11:12 0 d-------- C:\Documents and Settings\Brandon Carter\dwhelper
2008-05-08 14:57:34 28672 --a------ C:\WINDOWS\gscr.dll


-- Find3M Report ---------------------------------------------------------------

2008-06-06 17:15:51 0 d-------- C:\Documents and Settings\Brandon Carter\Application Data\.purple
2008-06-06 17:14:18 0 d-------- C:\Program Files\Symantec AntiVirus
2008-06-05 17:45:37 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-06-04 19:23:29 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-04 18:33:54 0 d-------- C:\Documents and Settings\Brandon Carter\Application Data\Azureus
2008-06-04 18:21:31 0 d-------- C:\Program Files\Magic Video Converter
2008-06-03 16:09:21 0 d-------- C:\Documents and Settings\Brandon Carter\Application Data\OpenOffice.org2
2008-05-30 22:02:36 0 d-------- C:\Documents and Settings\Brandon Carter\Application Data\gtk-2.0
2008-04-29 16:11:19 0 d-------- C:\Program Files\FrostWire
2008-04-26 00:41:27 0 d-------- C:\Documents and Settings\Brandon Carter\Application Data\Ashampoo
2008-04-26 00:40:26 0 d-------- C:\Program Files\Ashampoo
2008-04-25 23:54:45 0 d-------- C:\Documents and Settings\Brandon Carter\Application Data\FrostWire
2008-04-13 21:49:31 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-13 21:48:50 0 d-------- C:\Program Files\Symantec
2008-04-13 20:40:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-13 20:40:40 0 d-------- C:\Program Files\Sling Media
2008-04-13 20:38:47 0 d-------- C:\Program Files\Winamp
2008-04-13 20:38:26 0 d-------- C:\Documents and Settings\Brandon Carter\Application Data\Winamp
2008-03-15 18:28:38 668 --a------ C:\Documents and Settings\Brandon Carter\Application Data\vso_ts_preview.xml


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c25c006b-be25-417c-82d6-dda17183dcc4}]
2008-06-05 06:46 132608 --a------ C:\WINDOWS\system32\kbpxaqdf.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eTrustPPAP"="C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe" [2007-02-08 21:49]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 06:00 C:\WINDOWS\system32\bthprops.cpl]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2005-04-12 11:27]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 15:21]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 17:14]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-06-15 01:40]
"9cc1dd92"="C:\WINDOWS\system32\cmcswgyu.dll" [2008-06-05 06:52]
"BM9ff2ee0e"="C:\WINDOWS\system32\bkbjfbhd.dll" [2008-06-05 06:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39]

C:\Documents and Settings\Brandon Carter\Start Menu\Programs\Startup\
Pidgin.lnk - C:\Program Files\Pidgin\pidgin.exe [2007-12-07 14:53:28]
RKLauncher.lnk - C:\Program Files\RK_Launcher_04_Beta\RKLauncher.exe [2008-01-24 19:27:11]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Utility.lnk - C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe [2005-08-18 18:09:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1785bdb2-da78-11dc-baa5-001150d485ab}]




-- End of Deckard's System Scanner: finished at 2008-06-06 17:18:16 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
CPU 1: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 42%
Physical Memory (total/avail): 1014.07 MiB / 578.52 MiB
Pagefile Memory (total/avail): 2441.25 MiB / 2092.61 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.11 MiB

C: is Fixed (NTFS) - 145.73 GiB total, 68.08 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 37.27 GiB total, 25.73 GiB free.
F: is Removable (No Media)

\\.\PHYSICALDRIVE1 - SAMSUNG HD160JJ/P - 149.01 GiB - 3 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 145.73 GiB - C:
\PARTITION2 - Unknown - 3.25 GiB

\\.\PHYSICALDRIVE0 - ST340016A - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.27 GiB - E:

\\.\PHYSICALDRIVE2 - MATSHITA SD-USB-R/W USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Symantec AntiVirus Corporate Edition v10.1.4.4000 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:*:Enabled:ActiveSync RAPI Manager"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Brandon Carter\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BRANDON
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Brandon Carter
LOGONSERVER=\\BRANDON
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0409
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\BRANDO~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\BRANDO~1\LOCALS~1\Temp
USERDOMAIN=BRANDON
USERNAME=Brandon Carter
USERPROFILE=C:\Documents and Settings\Brandon Carter
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Brandon Carter (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Ambush Pack 1.00 for Pocket Tanks Deluxe --> "C:\Program Files\Pocket Tanks Deluxe\unins006.exe"
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Ashampoo Burning Studio 7.21 --> "C:\Program Files\Ashampoo\Ashampoo Burning Studio 7\unins000.exe"
Audacity 1.3.3 (Unicode) --> "C:\Program Files\Audacity\unins000.exe"
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Belkin Wireless Utility --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{5314FAC0-F8A5-4432-8980-251D055B2C5B}
CA eTrust PestPatrol --> MsiExec.exe /X{39586F4F-758D-4A92-A5DF-33E9DB9C09D9}
Chaos Pack 1.00 for Pocket Tanks Deluxe --> "C:\Program Files\Pocket Tanks Deluxe\unins005.exe"
CloneCD --> "C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
CloneDVD2 --> "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
ConvertXtoDVD 2.99.13.900 --> "C:\Program Files\VSO\ConvertX\3\unins000.exe"
Flamethrower Pack 1.00 for Pocket Tanks Deluxe --> "C:\Program Files\Pocket Tanks Deluxe\unins004.exe"
FrostWire 4.13.5 --> C:\Program Files\FrostWire\Uninstall.exe
GIMP 2.4.2 --> "C:\Program Files\GIMP-2.0\setup\unins000.exe"
Glarysoft Registry Repair 2.6 --> "C:\Program Files\Registry Repair\unins000.exe"
GoldWave v5.20 --> "C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.20" "C:\Program Files\GoldWave\unstall.log"
GTK+ Runtime 2.12.1 rev b (remove only) --> C:\Program Files\Common Files\GTK\2.0\uninst.exe
Hex Workshop v5 --> MsiExec.exe /I{26A373DB-162B-4B6E-A488-0BED0F0FB227}
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Magic Video Converter Trial Version (English) 8.0.2.18 --> "C:\Program Files\Magic Video Converter\unins000.exe"
Meteor Pack 1.00 for Pocket Tanks Deluxe --> "C:\Program Files\Pocket Tanks Deluxe\unins003.exe"
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 --> "C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nuke Pack 1.00 for Pocket Tanks Deluxe --> "C:\Program Files\Pocket Tanks Deluxe\unins002.exe"
OpenOffice.org 2.3 --> MsiExec.exe /I{2F29D6D2-824E-4FEF-8AED-7013F39F642A}
Pidgin --> C:\Program Files\Pidgin\pidgin-uninst.exe
Pocket Tanks Deluxe 1.00a --> "C:\Program Files\Pocket Tanks Deluxe\unins000.exe"
Power Pack 1.00 for Pocket Tanks Deluxe --> "C:\Program Files\Pocket Tanks Deluxe\unins001.exe"
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
SlingPlayer --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{004B0DCB-4C60-465B-8F01-44B0A4111187} /l1033
Sony ATRAC3 Audio Codec (remove only) --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\WINDOWS\INF\atrac3.inf
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Super Fast Shutdown 1.0 --> "C:\Program Files\Super Fast Shutdown\unins000.exe"
Symantec AntiVirus --> MsiExec.exe /I{78D891EF-9E2D-4FC8-A71F-E6F897BA1B21}
Unlocker 1.8.5 --> C:\Program Files\Unlocker\uninst.exe
USB Storage Driver --> DelUIDrv.exe
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
VirtualCloneDrive --> "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive"
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Zune Desktop Theme --> MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}


-- Application Event Log -------------------------------------------------------

Event Record #/Type4116 / Warning
Event Submitted/Written: 06/05/2008 08:21:18 PM
Event ID/Source: 6 / Symantec AntiVirus
Event Description:
Could not scan 1 files inside C:\System Volume Information\_restore{CD1908D0-5263-4E28-A4B7-0F0608DE7A4A}\RP99\A0030536.exe due to extraction errors encountered by the Decomposer Engines.

Event Record #/Type4115 / Warning
Event Submitted/Written: 06/05/2008 08:20:29 PM
Event ID/Source: 6 / Symantec AntiVirus
Event Description:
Could not scan 1 files inside C:\System Volume Information\_restore{CD1908D0-5263-4E28-A4B7-0F0608DE7A4A}\RP97\A0030253.exe due to extraction errors encountered by the Decomposer Engines.

Event Record #/Type4114 / Warning
Event Submitted/Written: 06/05/2008 08:20:09 PM
Event ID/Source: 6 / Symantec AntiVirus
Event Description:
Could not scan 1 files inside C:\System Volume Information\_restore{CD1908D0-5263-4E28-A4B7-0F0608DE7A4A}\RP95\A0030093.exe due to extraction errors encountered by the Decomposer Engines.

Event Record #/Type4113 / Warning
Event Submitted/Written: 06/05/2008 08:19:59 PM
Event ID/Source: 6 / Symantec AntiVirus
Event Description:
Could not scan 1 files inside C:\System Volume Information\_restore{CD1908D0-5263-4E28-A4B7-0F0608DE7A4A}\RP95\A0029998.exe due to extraction errors encountered by the Decomposer Engines.

Event Record #/Type4112 / Warning
Event Submitted/Written: 06/05/2008 08:19:45 PM
Event ID/Source: 6 / Symantec AntiVirus
Event Description:
Could not scan 1 files inside C:\System Volume Information\_restore{CD1908D0-5263-4E28-A4B7-0F0608DE7A4A}\RP95\A0029882.exe due to extraction errors encountered by the Decomposer Engines.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type196189 / Error
Event Submitted/Written: 06/06/2008 05:14:09 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Zune Bus Enumerator Driver service failed to start due to the following error:
%%2

Event Record #/Type196183 / Error
Event Submitted/Written: 06/06/2008 00:08:04 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
eeCtrl
ElbyCDIO
Fips
intelppm
SAVRT
SAVRTPEL
SPBBCDrv

Event Record #/Type196182 / Error
Event Submitted/Written: 06/06/2008 00:07:35 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type196181 / Error
Event Submitted/Written: 06/06/2008 00:07:30 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type196180 / Error
Event Submitted/Written: 06/06/2008 00:07:29 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}



-- End of Deckard's System Scanner: finished at 2008-06-06 17:18:16 ------------

MOD, please delete this thread. I have resolved my issue.

Edited by bizarrechaos, 07 June 2008 - 12:00 AM.


#4 bizarrechaos

bizarrechaos
  • Topic Starter

  • Members
  • 18 posts

Posted 13 June 2008 - 05:56 AM

I received help in another forum. I'm good, so if a mod wants to close or lock this thread, please do.

#5 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 01 July 2008 - 06:59 PM

Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.
