
Possible Vundo/Smitfraud/Rogue Software


  • This topic is locked
6 replies to this topic

#1 obligatory


Posted 11 June 2008 - 03:35 AM

Any help much appreciated, guys!!!




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:33:50 PM, on 11/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\John\Desktop\HiJackThis.exe
C:\WINDOWS\System32\imapi.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Policies\Explorer\Run: [ltwob] C:\WINDOWS\msmbw.exe
O4 - HKLM\..\Policies\Explorer\Run: [serpe] C:\WINDOWS\system32\serbw.exe
O4 - HKLM\..\Policies\Explorer\Run: [avnort] C:\WINDOWS\system32\serbw.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - HKCU\..\Policies\Explorer\Run: [ltwob] C:\WINDOWS\system32\formatsys.exe
O4 - HKCU\..\Policies\Explorer\Run: [serpe] C:\WINDOWS\system32\serbw.exe
O4 - HKCU\..\Policies\Explorer\Run: [avnort] C:\WINDOWS\system32\serbw.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1167739558812
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 4639 bytes



#2 Buckeye_Sam

    Malware Expert



Posted 11 June 2008 - 08:51 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please go to this page and scroll down to step 6.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Follow the directions there to run DSS and then post those logs back here in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 obligatory


Posted 12 June 2008 - 07:27 AM

Thanks! Here are the results:


main:


Deckard's System Scanner v20071014.68
Run by John on 2008-06-12 18:56:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
58: 2008-06-12 08:53:55 UTC - RP277 - Deckard's System Scanner Restore Point
57: 2008-06-11 01:05:23 UTC - RP276 - Last known good configuration
56: 2008-06-11 01:03:12 UTC - RP275 - Restore Operation
55: 2008-06-11 01:03:12 UTC - RP274 - computer semi-bleeped
54: 2008-06-11 01:03:12 UTC - RP273 - before smitfraudfix installation


-- First Restore Point --
1: 2008-06-11 01:03:06 UTC - RP220 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 15.72 GiB (less than 15%) free.


-- HijackThis (run as John.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:57:45 PM, on 12/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
E:\dss.exe
C:\DOCUME~1\John\Desktop\John.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2587F5F9-BCDF-4076-98EF-AFC65C5BD816} - C:\WINDOWS\system32\vtUlKATk.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SVC plugin - {67EE7798-F2A0-415C-9473-0F174BD5A8B8} - C:\WINDOWS\tapost16a.dll
O2 - BHO: (no name) - {99BA268B-4021-4739-9945-3C774217FE75} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {C1582843-7B04-4444-9915-6C3DD59F974A} - C:\WINDOWS\system32\opnonoLb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Policies\Explorer\Run: [ltwob] C:\WINDOWS\msmbw.exe
O4 - HKLM\..\Policies\Explorer\Run: [serpe] C:\WINDOWS\system32\serbw.exe
O4 - HKLM\..\Policies\Explorer\Run: [avnort] C:\WINDOWS\system32\serbw.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - HKCU\..\Policies\Explorer\Run: [ltwob] C:\WINDOWS\system32\formatsys.exe
O4 - HKCU\..\Policies\Explorer\Run: [serpe] C:\WINDOWS\system32\serbw.exe
O4 - HKCU\..\Policies\Explorer\Run: [avnort] C:\WINDOWS\system32\serbw.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1167739558812
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O20 - Winlogon Notify: vtUlKATk - C:\WINDOWS\SYSTEM32\vtUlKATk.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 5303 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 IFP700 (iRiver Internet Audio Player IFP-700) - c:\windows\system32\drivers\ifp700.sys <Not Verified; iRiver, Inc.; IFP-100>
R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
R1 aslm75 - c:\windows\system32\drivers\aslm75.sys
R1 oreans32 - c:\windows\system32\drivers\oreans32.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
R2 enodpl - c:\windows\system32\drivers\enodpl.sys
R2 tandpl - c:\windows\system32\drivers\tandpl.sys
R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 ASNDIS5 (ASNDIS5 Protocol Driver) - c:\windows\system32\asndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 bDMusicb - c:\docume~1\john\locals~1\temp\bdmusicb.sys (file missing)
S3 NSNDIS5 (NSNDIS5 NDIS Protocol Driver) - c:\windows\system32\nsndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); NetStumbler>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/XP>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S4 ecure (FireDaemon Service: ecure) - c:\windows\temp\firedaemon.exe (file missing)
S4 svchost1 (FireDaemon Service: svchost1) - c:\windows\temp\firedaemon.exe (file missing)
S4 system (FireDaemon Service: system) - c:\windows\temp\firedaemon.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-09 18:28:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2005-05-07 20:26:08 340 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1107163565.job


-- Files created between 2008-05-12 and 2008-06-12 -----------------------------

2008-06-11 11:31:51 24576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2008-06-11 11:20:51 0 d-------- C:\VundoFix Backups
2008-06-11 11:19:51 0 dr-h----- C:\Documents and Settings\John\Recent
2008-06-10 23:00:25 0 d-------- C:\Program Files\Trend Micro
2008-06-10 18:37:58 30080 --a------ C:\WINDOWS\system32\drivers\Winrx52.sys
2008-06-10 14:59:51 15360 --a------ C:\WINDOWS\system32\WinCtrl32(2).dll
2008-06-10 14:53:19 3502080 --a------ C:\Documents and Settings\Test\ntuser.dat
2008-06-10 14:53:19 8454144 --a------ C:\Documents and Settings\Maddie\ntuser.dat
2008-06-10 14:52:53 162762 --ahs---- C:\WINDOWS\system32\bLononpo.ini2
2008-06-10 14:46:18 321280 --a------ C:\WINDOWS\system32\opnonoLb.dll
2008-06-10 14:41:11 29824 --a------ C:\WINDOWS\system32\vtUlKATk.dll
2008-06-10 14:38:38 0 d-------- C:\Program Files\NetProject
2008-06-10 14:28:59 253952 --a------ C:\WINDOWS\tapost16a.dll
2008-06-10 14:28:04 52 --a------ C:\smp.bat
2008-05-17 00:48:22 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-17 00:44:01 0 d-------- C:\Documents and Settings\John\Application Data\dvdcss
2008-05-12 20:16:08 0 d-------- C:\Documents and Settings\Maddie\Application Data\vlc
2008-05-12 20:07:38 0 d-------- C:\Documents and Settings\Maddie\Application Data\dvdcss


-- Find3M Report ---------------------------------------------------------------

2008-06-11 11:32:12 0 d-------- C:\Program Files\PowerISO
2008-06-07 08:00:03 0 d-------- C:\Documents and Settings\John\Application Data\AVG7
2008-05-18 18:09:49 0 d-------- C:\Program Files\LucasArts
2008-05-17 10:59:58 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-02 21:31:07 0 d-------- C:\Program Files\Common Files
2008-05-02 21:30:53 0 d-------- C:\Documents and Settings\John\Application Data\Atari
2008-05-02 21:29:52 0 d-------- C:\Program Files\BitComet
2008-04-26 17:55:17 0 d-------- C:\Documents and Settings\John\Application Data\Real


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2587F5F9-BCDF-4076-98EF-AFC65C5BD816}]
10/06/2008 02:41 PM 29824 --a------ C:\WINDOWS\system32\vtUlKATk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67EE7798-F2A0-415C-9473-0F174BD5A8B8}]
10/06/2008 02:28 PM 253952 --a------ C:\WINDOWS\tapost16a.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{99BA268B-4021-4739-9945-3C774217FE75}]
C:\Program Files\NetProject\sbmdl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1582843-7B04-4444-9915-6C3DD59F974A}]
10/06/2008 02:52 PM 321280 --a------ C:\WINDOWS\system32\opnonoLb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [17/03/2006 01:16 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"ltwob"=C:\WINDOWS\msmbw.exe
"serpe"=C:\WINDOWS\system32\serbw.exe
"avnort"=C:\WINDOWS\system32\serbw.exe
"some"=C:\Program Files\NetProject\scit.exe
"start"=C:\Program Files\NetProject\sbmntr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"ltwob"=C:\WINDOWS\system32\formatsys.exe
"serpe"=C:\WINDOWS\system32\serbw.exe
"avnort"=C:\WINDOWS\system32\serbw.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{2587F5F9-BCDF-4076-98EF-AFC65C5BD816}"= C:\WINDOWS\system32\vtUlKATk.dll [10/06/2008 02:41 PM 29824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUlKATk]
vtUlKATk.dll 10/06/2008 02:41 PM 29824 C:\WINDOWS\system32\vtUlKATk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\opnonoLb

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=C:\Documents and Settings\John\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3 Registration.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\advap32]
C:\DOCUME~1\Maddie\LOCALS~1\Temp\printsrv.exe/r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigPond Toolbar]
"C:\Program Files\Telstra\Toolbar\bpumTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Control Center]
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
"C:\Program Files\Microsoft IntelliPoint\point32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
???\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRTCLK]
C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService]
C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ssgrate.exe]
C:\WINDOWS\system32\wintems.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
"C:\Program Files\Microsoft IntelliType Pro\type32.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c86144b-6e90-11d9-91b5-806d6172696f}]
open\command- %SystemRoot%\Explorer.exe /idlist,%I,%L

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6dd5583a-6e63-11d9-9ca1-806d6172696f}]
AutoRun\command- D:\autorun.exe




-- End of Deckard's System Scanner: finished at 2008-06-12 18:59:14 ------------










extra:



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 4400+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 4400+
Percentage of Memory in Use: 21%
Physical Memory (total/avail): 2047.48 MiB / 1610.79 MiB
Pagefile Memory (total/avail): 3939.55 MiB / 3688.38 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1937.71 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 149.04 GiB total, 15.72 GiB free.
D: is Fixed (NTFS) - 111.79 GiB total, 47.12 GiB free.
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE1 - - 111.79 GiB - 1 partition
\PARTITION0 - Installable File System - 111.79 GiB - D:

\\.\PHYSICALDRIVE0 - ST3160827AS - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.04 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
AUState says computer is ready and waiting.
Windows Internal Firewall is disabled.

FW: Sygate Personal Firewall v4.6 (Sygate Technologies, Inc.)
AV: AVG 7.5.524 v7.5.524 (Grisoft) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Grisoft\\AVG Free\\avgw.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgw.exe:*:Enabled:AVG Free Edition for Windows"
"C:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe"="C:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe:*:Enabled:Ad-Aware SE Personal"
"C:\\Program Files\\Grisoft\\AVG Free\\avgvv.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgvv.exe:*:Enabled:AVG Free Virus Vault"
"C:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"="C:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe:*:Enabled:Spybot - Search & Destroy"
"C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Enabled:File Transfer Program"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Valve\\Steam\\Steam.exe"="C:\\Program Files\\Valve\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\jberrill\\counter-strike source\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\jberrill\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Joint Operations\\Joint Operations Typhoon Rising\\UPDATE.EXE"="C:\\Program Files\\Joint Operations\\Joint Operations Typhoon Rising\\UPDATE.EXE:*:Enabled:UPDATE"
"C:\\Program Files\\Joint Operations\\Joint Operations Typhoon Rising\\Jointops.exe"="C:\\Program Files\\Joint Operations\\Joint Operations Typhoon Rising\\Jointops.exe:*:Enabled:Jointops"
"C:\\Program Files\\Java\\jre1.5.0_01\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_01\\bin\\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Telstra\\Cable Login\\bpcable.exe"="C:\\Program Files\\Telstra\\Cable Login\\bpcable.exe:*:Enabled:BigPond Cable Client"
"C:\\Program Files\\Telstra\\Cable Login\\bpcService.exe"="C:\\Program Files\\Telstra\\Cable Login\\bpcService.exe:*:Enabled:BigPond Cable Client (running as a service)"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\John\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JOHN
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\John
LOGONSERVER=\\JOHN
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6b01
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\John\LOCALS~1\Temp
TMP=C:\DOCUME~1\John\LOCALS~1\Temp
USERDOMAIN=JOHN
USERNAME=John
USERPROFILE=C:\Documents and Settings\John
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

John (admin)
Maddie (admin)
Test (admin)
-
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
ASUS Probe V2.23.06 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\ASUS\Probe\DeIsL1.isu" -c"C:\Program Files\ASUS\Probe\probunis.dll"
ASUS WLAN Card Utilities/Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8F722FA9-B994-4C9B-B292-FD32D6206EDF}\Setup.exe" -l0x9
AsusUpdate --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ASUS\AsusUpdate\Uninst.isu"
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
AudioConverter Studio 5.2 --> "C:\Program Files\AudioConverter Studio\unins000.exe"
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
BigPond Toolbar --> MsiExec.exe /I{E063D6FC-1BD7-4653-BDB8-0A3149258B23}
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDCheck --> "C:\Program Files\CDCheck\uninst.exe"
CloneDVD2 --> "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Creative DVD Audio Plugin for Audigy Series --> "C:\Program Files\Creative\CTDPlugin\CTUIDVD.exe " -u
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Accelerator Plus (DAP) --> C:\PROGRA~1\DAP\DAPREMOVE.EXE
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
EvilLyrics --> "C:\Program Files\EvilLyrics\uninst.exe"
FL Studio 6 --> C:\Program Files\Image-Line\FL Studio 6\uninstall.exe
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
GTA San Andreas --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\SETUP.EXE" -l0x9 -removeonly
GTK+ Runtime 2.6.9 rev a (remove only) --> C:\Program Files\Common Files\GTK\2.0\uninst.exe
Half-Life Dedicated Server Update Tool --> C:\PROGRA~1\Valve\HLServer\UNWISE.EXE C:\PROGRA~1\Valve\HLServer\INSTALL.LOG
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\John\Desktop\HijackThis.exe" /uninstall
HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - hp psc 1200 series --> C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 1200 series --> MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
hp psc 1200 series --> rundll32 hpzcon07.dll,VendorJettison hp psc 1200 series
iConcertCal --> MsiExec.exe /I{0589A3D7-24CE-4F84-9FD4-BA07D52B3937}
InterVideo Disc Master 2 --> "C:\Program Files\InstallShield Installation Information\{F366D0C4-18F2-44A6-A4E7-7ED2DD37F3D3}\setup.exe" --u:{F366D0C4-18F2-44A6-A4E7-7ED2DD37F3D3}
InterVideo DVDCopy 2 for AsusTek --> "C:\Program Files\InstallShield Installation Information\{96BF9A2A-1835-4DEE-A94F-9EA4F77976BF}\setup.exe" --u:{96BF9A2A-1835-4DEE-A94F-9EA4F77976BF}
InterVideo WinDVD 5 --> "C:\Program Files\InstallShield Installation Information\{1B399A41-C1D0-40A2-9E4F-095868EFAF01}\setup.exe" REMOVEALL
InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
iPod for Windows 2005-01-11 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3476E8FA-00F1-48AF-8771-236C84FC7CB8} /l1033
iPod for Windows 2005-10-12 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} /l1033
iPod for Windows User Guide --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B9987754-9A14-4B61-ABB3-73A79503238D} /l1033
iPod System Software Updater 2.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B02B8E30-EB28-49B0-A60F-696268BAE033} /l1033
iPod2PC 2.10 --> "C:\Program Files\iPod2PC\unins000.exe"
iriver Music Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{072D2077-9E22-4F7F-B817-A92CA6CCC843}\Setup.exe" -l0x9 anything
iScrobbler --> C:\Program Files\iTunes\UninstalliScrobble.exe
iTunes --> MsiExec.exe /I{3592F5CB-B524-43AA-92F2-2377268199CC}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
K-Lite Codec Pack 2.81 Basic --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
LimeWire PRO 4.12.3 --> "C:\Program Files\LimeWire\uninstall.exe"
LucasArts' The Phantom Menace --> C:\WINDOWS\uninst.exe -f"C:\Program Files\LucasArts\The Phantom Menace\DeIsL1.isu"
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Messenger Plus! 3 --> "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Age of Empires II --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Age of Empires II: The Conquerors Expansion --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Bootvis --> MsiExec.exe /I{0F9196C6-58B4-445B-B56E-B1200FECC151}
Microsoft Office 2000 SR-1 Disc 2 --> MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 SR-1 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Access 2003 Runtime --> MsiExec.exe /I{901C0409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Photo 2002 --> MsiExec.exe /I{C769A271-7E1C-48F9-B331-474600DD4C06}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser --> MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
Nero 7 --> MsiExec.exe /I{235BBFC6-D863-4066-A01A-3BD504C31033}
Network Stumbler 0.4.0 (remove only) --> "C:\Program Files\Network Stumbler\uninst.exe"
nList Access Runtimes --> MsiExec.exe /I{4DDB5B98-756F-4FD7-BE93-A76CA3DD5FA7}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuide.exe UninstallGUI
OpenOffice.org 2.0 --> MsiExec.exe /I{75852F49-2CAF-443F-B7C2-53DE5847DE56}
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Reason Demo 3.0.4 --> "C:\Program Files\Propellerhead\Reason Demo\Uninstall Reason Demo\unins000.exe"
Secure Browsing --> "C:\Program Files\NetProject\sbun.exe"
Sony Ericsson PC Suite --> MsiExec.exe /I{788A9E76-1079-445D-B9A1-6DBB9420F7C3}
Sony Sound Forge 8.0d --> MsiExec.exe /X{5636E517-8100-4E2A-B69E-2B16AFFA2360}
SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe"
SP2 Connection Patcher --> C:\Program Files\WXPSP2ConnectionPatcher\uninstall.exe
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Star Wars JK II Jedi Outcast --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{576E71DA-3000-48F6-9B21-B9A70D47DFCF}\Setup.exe"
Steam™ --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Sygate Personal Firewall --> MsiExec.exe /I{F34D9A5F-484A-4E31-A9D3-908CB265B289}
System Qualifier --> C:\WINDOWS\system32\javaws.exe -uninstall "https://secure.shaw.ca/apps/shawsecure/ssqual.jnlp"
The Sims 2 --> C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims 2 Nightlife --> C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe
The Sims 2 University --> C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
The Sims™ 2 Seasons --> C:\Program Files\EA GAMES\The Sims 2 Seasons\EAUninstall.exe
VIA Audio Driver Setup Program --> RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -f"C:\PROGRA~1\VIATEC~1\VIAAUD~1/Uninst.isu"
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VideoLAN VLC media player 0.8.6 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Videora iPod Converter 0.91 --> C:\Program Files\VideoraiPodConverter\uninst.exe
Web Application --> "C:\Program Files\NetProject\scu.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Messenger 5.0 --> MsiExec.exe /I{1F0BD960-6525-4FEE-B577-2473F77F1277}
Windows Support Tools --> MsiExec.exe /I{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}
winLAME prerelease4 --> MsiExec.exe /I{062BFFA1-0CCC-400B-B840-F162328D8C00}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XML Paper Specification Shared Components Pack 1.0 -->
XPS Essentials Pack --> MsiExec.exe /X{6A69D94E-C569-4154-9643-72E94D1DDFDA}
XPS Essentials Pack 1.0 --> %SystemRoot%\$NtUninstallXpsEP$\spuninst\spuninst.exe /u


-- Application Event Log -------------------------------------------------------

Event Record #/Type128817 / Error
Event Submitted/Written: 06/12/2008 06:58:31 PM
Event ID/Source: 3 / crypt32
Event Description:
Failed auto update retrieval of third-party root list cab from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The specified server cannot perform the requested operation.

Event Record #/Type128815 / Error
Event Submitted/Written: 06/12/2008 06:58:31 PM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Event Record #/Type128814 / Error
Event Submitted/Written: 06/12/2008 06:58:27 PM
Event ID/Source: 3 / crypt32
Event Description:
Failed auto update retrieval of third-party root list cab from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: This operation returned because the timeout period expired.

Event Record #/Type128812 / Error
Event Submitted/Written: 06/12/2008 06:57:54 PM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Event Record #/Type128810 / Error
Event Submitted/Written: 06/12/2008 06:55:59 PM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type43599 / Error
Event Submitted/Written: 06/12/2008 06:51:06 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Canon Camera Access Library 8 service depends on the SSDP Discovery Service service which failed to start because of the following error:
%%1058

Event Record #/Type43594 / Error
Event Submitted/Written: 06/12/2008 07:52:32 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Event Record #/Type43593 / Error
Event Submitted/Written: 06/12/2008 07:50:32 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Event Record #/Type43467 / Error
Event Submitted/Written: 06/11/2008 09:18:31 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Canon Camera Access Library 8 service depends on the SSDP Discovery Service service which failed to start because of the following error:
%%1058

Event Record #/Type43462 / Error
Event Submitted/Written: 06/11/2008 09:17:12 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.



-- End of Deckard's System Scanner: finished at 2008-06-12 18:59:14 ------------

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:35 PM

Posted 12 June 2008 - 03:22 PM

You've got some nastiness there in your log.

Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O2 - BHO: (no name) - {2587F5F9-BCDF-4076-98EF-AFC65C5BD816} - C:\WINDOWS\system32\vtUlKATk.dll
O2 - BHO: SVC plugin - {67EE7798-F2A0-415C-9473-0F174BD5A8B8} - C:\WINDOWS\tapost16a.dll
O2 - BHO: (no name) - {99BA268B-4021-4739-9945-3C774217FE75} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: (no name) - {C1582843-7B04-4444-9915-6C3DD59F974A} - C:\WINDOWS\system32\opnonoLb.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Policies\Explorer\Run: [ltwob] C:\WINDOWS\msmbw.exe
O4 - HKLM\..\Policies\Explorer\Run: [serpe] C:\WINDOWS\system32\serbw.exe
O4 - HKLM\..\Policies\Explorer\Run: [avnort] C:\WINDOWS\system32\serbw.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - HKCU\..\Policies\Explorer\Run: [ltwob] C:\WINDOWS\system32\formatsys.exe
O4 - HKCU\..\Policies\Explorer\Run: [serpe] C:\WINDOWS\system32\serbw.exe
O4 - HKCU\..\Policies\Explorer\Run: [avnort] C:\WINDOWS\system32\serbw.exe
O20 - Winlogon Notify: vtUlKATk - C:\WINDOWS\SYSTEM32\vtUlKATk.dll



==================


You are running an older version of Java. This can be a security risk so let's get you the latest version.
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement."
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

=================



Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new DSS log

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
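The fix list in the post above names some files under more than one load point. As an added illustration (not part of the original post and not the helper's own tooling), this Python example parses those 14 HijackThis lines and groups the registrations by the file they load; the function names are made up here, and comparing targets case-insensitively is an assumption that matches how Windows treats paths.

```python
import re
from collections import defaultdict

# The 14 lines from the fix list in the post above, copied verbatim.
FIX_LIST = r"""
O2 - BHO: (no name) - {2587F5F9-BCDF-4076-98EF-AFC65C5BD816} - C:\WINDOWS\system32\vtUlKATk.dll
O2 - BHO: SVC plugin - {67EE7798-F2A0-415C-9473-0F174BD5A8B8} - C:\WINDOWS\tapost16a.dll
O2 - BHO: (no name) - {99BA268B-4021-4739-9945-3C774217FE75} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: (no name) - {C1582843-7B04-4444-9915-6C3DD59F974A} - C:\WINDOWS\system32\opnonoLb.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Policies\Explorer\Run: [ltwob] C:\WINDOWS\msmbw.exe
O4 - HKLM\..\Policies\Explorer\Run: [serpe] C:\WINDOWS\system32\serbw.exe
O4 - HKLM\..\Policies\Explorer\Run: [avnort] C:\WINDOWS\system32\serbw.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - HKCU\..\Policies\Explorer\Run: [ltwob] C:\WINDOWS\system32\formatsys.exe
O4 - HKCU\..\Policies\Explorer\Run: [serpe] C:\WINDOWS\system32\serbw.exe
O4 - HKCU\..\Policies\Explorer\Run: [avnort] C:\WINDOWS\system32\serbw.exe
O20 - Winlogon Notify: vtUlKATk - C:\WINDOWS\SYSTEM32\vtUlKATk.dll
"""

# HijackThis section code -> (what the section lists, pattern for one entry)
SECTIONS = {
    "O2": ("Browser Helper Object", re.compile(
        r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")),
    "O4": ("autostart registry value", re.compile(
        r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<target>.+)$")),
    "O20": ("Winlogon Notify DLL", re.compile(
        r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.+)$")),
}
MISSING = " (file missing)"


def parse_line(line):
    """Turn one log line into a record, or None if it is not O2/O4/O20."""
    line = line.strip()
    code = line.split(" - ", 1)[0]
    if code not in SECTIONS:
        return None
    mechanism, pattern = SECTIONS[code]
    m = pattern.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["code"], rec["mechanism"] = code, mechanism
    # HijackThis appends this marker when the referenced file is not on disk.
    rec["missing"] = rec["target"].endswith(MISSING)
    if rec["missing"]:
        rec["target"] = rec["target"][: -len(MISSING)]
    if code == "O2":
        rec["where"] = "BHO " + rec["clsid"]
    elif code == "O4":
        # Keep the log's own "\..\" abbreviation rather than expanding the key.
        rec["where"] = "%s\\..\\%s [%s]" % (rec["hive"], rec["key"], rec["name"])
    else:
        rec["where"] = "Winlogon Notify\\" + rec["name"]
    return rec


def parse_log(text):
    """Parse every recognised line of a pasted log fragment."""
    return [r for r in map(parse_line, text.splitlines()) if r]


def group_by_target(records):
    """Map each file or command (lower-cased) to every place that loads it."""
    groups = defaultdict(list)
    for rec in records:
        groups[rec["target"].lower()].append(rec["where"])
    return dict(groups)


def repeated_targets(groups):
    """Targets registered at more than one load point."""
    return {t: w for t, w in groups.items() if len(w) > 1}


if __name__ == "__main__":
    for target, places in sorted(group_by_target(parse_log(FIX_LIST)).items()):
        print(target)
        for place in places:
            print("    " + place)
```

Grouping this way shows why every line has to be checked in one pass: serbw.exe is registered under four values across HKLM and HKCU, and vtUlKATk.dll is loaded both as a BHO and through Winlogon Notify, so fixing only one entry leaves another load point in place.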

#5 obligatory


Posted 13 June 2008 - 10:48 PM

Thanks Sam, but that didn't seem to fix the problem. Seems my computer has become a bit slower, Explorer is still disappearing and reappearing, and I can't connect to web pages any more. I'm at wits' end with these viruses... what can I do??

thanks

#6 Buckeye_Sam


Posted 14 June 2008 - 11:11 AM

I can't tell what we need to do next until you post the logs for me to review.

Finally paste the contents of the Report.txt back on the forum with a new DSS log


Your computer is badly infected, so this will take a few steps.

========================================================

#7 Buckeye_Sam


Posted 26 June 2008 - 11:50 AM

Unfortunately there has been no response. :thumbsup:
This thread will now be closed.

========================================================



