Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected Pc... How To 1st Proceed


  • This topic is locked This topic is locked
39 replies to this topic

#1 havoc110

havoc110

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 15 June 2008 - 12:06 PM

What I know:

everything slowed down a few days ago on my PC. I noticed it because my screen saver was very choppy.

next, this AM, everything grinds to a standstill. Task manager reports 100% activity, even upon clean reboot.

Problem seems to be with Weatherbug, so once closed and opened, problem seems resolved.

Then, zone alarm starts in with lots of apps, of previous unknown names trying to access the internet.
all requests denied of course.

another reboot, then

my desktop wall paper has been replace with a blue screen with text in the center beginning with "spyware detected" or some such
and a link (active desktop style, i suppose), to scan my pc. (not used) also spyware alerts
popping up in system tray (one hit, opened an ad site for sypware removal, subsequent alerts ignored).

IE browser unable to connect to bleepingcomputer.com
search results are being redirected and using previous favorite links appear dead, but i'm writing this
from a different PC.

from a virus infection a year ago, i received a lot of help here
how best to proceed without making things worse?

thanks,
Don.

also, before the last reboot, i tried to check the windows task manager
and it reported task manager disabled by adminstrator

also pc is running xp home.

ok, connection to kaspersky not allowed.

here's DSS report 1:

Deckard's System Scanner v20071014.68
Run by Don Walsh on 2008-06-15 14:58:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
5: 2008-06-15 18:59:00 UTC - RP341 - Deckard's System Scanner Restore Point
4: 2008-06-15 05:05:38 UTC - RP340 - System Checkpoint
3: 2008-06-13 20:36:51 UTC - RP339 - System Checkpoint
2: 2008-06-12 20:14:04 UTC - RP338 - System Checkpoint
1: 2008-06-11 20:12:59 UTC - RP337 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Don Walsh.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:02:42 PM, on 6/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSYSTEM32ZoneLabsvsmon.exe
C:WINDOWSsystem32iftuyszv.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesLavasoftAd-Aware 2007aawservice.exe
C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
C:Program FilesNorton AntiVirusnavapsvc.exe
C:Program FilesNorton AntiVirusIWPNPFMntor.exe
C:Program FilesNorton AntiVirusAdvToolsNPROTECT.EXE
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
C:Program FilesDellMedia ExperiencePCMService.exe
C:Program FilesScanSoftOmniPageSE2.0OpwareSE2.exe
C:Program FilesMusicMatchMusicMatch Jukeboxmmtask.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesZone LabsZoneAlarmzlclient.exe
C:Program FilesJavajre1.6.0_03binjusched.exe
C:Program FileswebHancerProgramswhagent.exe
C:Program FilesAWSWeatherBugWeather.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Program FilesGetModuleGetModule18.exe
C:Program FilesDigital Line DetectDLG.exe
C:Program FilesPalmHotsync.exe
C:Program FilesTrilliantrillian.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
C:Program FilesMessengermsmsgs.exe
C:Documents and SettingsDon WalshDesktopdss.exe
C:PROGRA~1TRENDM~1HIJACK~1Don Walsh.exe

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.dell4me.com/myway
F2 - REG:system.ini: UserInit=C:WINDOWSsystem32userinit.exe,C:WINDOWSsystem32iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:WINDOWSsystem32dlatfswshx.dll
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_03binssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:Program FilesNorton AntiVirusNavShExt.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:Program FileswebHancerprogramswhiehlpr.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:Program FilesCanonEasy-WebPrintToolband.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:Program FilesNorton AntiVirusNavShExt.dll
O4 - HKLM..Run: [StorageGuard] "C:Program FilesCommon FilesSonicUpdate Managersgtray.exe" /r
O4 - HKLM..Run: [PCMService] "C:Program FilesDellMedia ExperiencePCMService.exe"
O4 - HKLM..Run: [OpwareSE2] "C:Program FilesScanSoftOmniPageSE2.0OpwareSE2.exe"
O4 - HKLM..Run: [mmtask] c:Program FilesMusicMatchMusicMatch Jukeboxmmtask.exe
O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 - HKLM..Run: [Symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMon.exe /Consumer
O4 - HKLM..Run: [Advanced Tools Check] C:PROGRA~1NORTON~1AdvToolsADVCHK.EXE
O4 - HKLM..Run: [ZoneAlarm Client] "C:Program FilesZone LabsZoneAlarmzlclient.exe"
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_03binjusched.exe"
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [webHancer Agent] C:Program FileswebHancerProgramswhagent.exe
O4 - HKCU..Run: [TClockEx] C:Program FilesTClockExTCLOCKEX.EXE
O4 - HKCU..Run: [updateMgr] "C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU..Run: [Weather] C:Program FilesAWSWeatherBugWeather.exe 1
O4 - HKCU..Run: [Microsoft Windows Installer] C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe
O4 - HKCU..Run: [GetModule18] "C:Program FilesGetModuleGetModule18.exe"
O4 - Startup: Trillian.lnk = C:Program FilesTrilliantrillian.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:Program FilesCommon FilesAutodesk Sharedacstart16.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:Program FilesCommon FilesAutodesk Sharedacstart16.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:Program FilesPalmHotsync.exe
O8 - Extra context menu item: Convert to Palm e-Book - C:Program FilesCnPUG-WavePDBWavePDB.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:Program FilesAIMaim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:Program FilesPartyGamingPartyPokerRunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:Program FilesPartyGamingPartyPokerRunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSSystem32Shdocvw.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:Program FilesIrfanViewEbayEbay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:PROGRA~1AWSWEATHE~1Weather.exe (HKCU)
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v44/scrab...rabblecubes.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installd...leanerstart.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data Transfer Control) - http://racing.youbet.com/wr_6_2/controls/ybrequest.cab
O16 - DPF: {6741FA2E-5E72-11D9-B8D3-A78832C1C537} (Generator7.IonSaliuGen7) - http://www.saliu.com/Generator7.CAB
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183147794796
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mail.leesallee.com/Remote/msrdp.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:Program FilesAutoCAD LT 2002AcDcToday.ocx
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldwinner.com/games/v45/wo...jo/wordmojo.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:Program FilesAutoCAD LT 2002InstBanr.ocx
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v44/royal/royal.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:Program FilesAutoCAD LT 2002InstFred.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {CF7BD15D-60A8-11D8-B8D1-B7651DB32741} (Calculator.IonOddsCalc) - http://www.saliu.com/Calculator.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/activex/v...acheManager.CAB
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:Program FilesAutoCAD LT 2002AcPreview.ocx
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:Program FilesLavasoftAd-Aware 2007aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:Program FilesNorton AntiVirusnavapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:Program FilesIntelNCSSyncNetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:Program FilesNorton AntiVirusIWPNPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:Program FilesNorton AntiVirusAdvToolsNPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:Program FilesNorton AntiVirusSAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:PROGRA~1COMMON~1SYMANT~1SCRIPT~1SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:WINDOWSSYSTEM32ZoneLabsvsmon.exe

--
End of file - 21081 bytes

-- File Associations -----------------------------------------------------------

.scr - AutoCADLTScriptFile - shellopencommand - "C:WINDOWSnotepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 agp440 (Intel AGP Bus Filter) - c:windowssystemrootsystem32driversagp440.sys (file missing)
R1 omci (OMCI WDM Device Driver) - c:windowssystem32driversomci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 cdenable - c:windowssystem32driverscdenable.sys

S3 catchme - c:docume~1donwal~1locals~1tempcatchme.sys (file missing)
S3 iAimTV2 - c:windowssystem32driverswatv03nt.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:windowssystem32driverswanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "c:program fileslavasoftad-aware 2007aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-13 07:13:53 538 --a------ C:WINDOWSTasksNorton AntiVirus - Scan my computer - Don Walsh.job
2008-06-11 14:26:01 284 --a------ C:WINDOWSTasksAppleSoftwareUpdate.job


-- Files created between 2008-05-15 and 2008-06-15 -----------------------------

2008-06-15 12:45:39 9216 --a------ C:WINDOWSy.exe
2008-06-15 12:45:38 16128 --a------ C:WINDOWSxplugin.dll
2008-06-15 12:45:38 28672 --a------ C:WINDOWSx.exe
2008-06-15 12:45:38 10752 --a------ C:WINDOWSwinmgnt.exe
2008-06-15 12:45:37 22272 --a------ C:WINDOWSwindow.exe
2008-06-15 12:45:37 15104 --a------ C:WINDOWSwinajbm.dll
2008-06-15 12:45:37 27392 --a------ C:WINDOWSwin64.exe
2008-06-15 12:45:37 12288 --a------ C:WINDOWSwin32e.exe
2008-06-15 12:45:37 12800 --a------ C:WINDOWSwaol.exe
2008-06-15 12:45:36 20224 --a------ C:WINDOWSusers32.exe
2008-06-15 12:45:36 10496 --a------ C:WINDOWStime.exe
2008-06-15 12:45:36 16640 --a------ C:WINDOWSsystemcritical.exe
2008-06-15 12:45:36 9216 --a------ C:WINDOWSsysteem.exe
2008-06-15 12:45:36 31744 --a------ C:WINDOWSsvcinit.exe
2008-06-15 12:45:35 27648 --a------ C:WINDOWSsvchost32.exe
2008-06-15 12:45:35 10496 --a------ C:WINDOWSsistem.exe
2008-06-15 12:45:35 11776 --a------ C:WINDOWSsearchword.dll
2008-06-15 12:45:35 20736 --a------ C:WINDOWSrundll16.exe
2008-06-15 12:45:35 11520 --a------ C:WINDOWSquicken.exe
2008-06-15 12:45:34 21760 --a------ C:WINDOWSqttasks.exe
2008-06-15 12:45:34 22528 --a------ C:WINDOWSolehelp.exe
2008-06-15 12:45:34 13056 --a------ C:WINDOWSnotepad32.exe
2008-06-15 12:45:34 26880 --a------ C:WINDOWSmtwirl32.dll
2008-06-15 12:45:33 24064 --a------ C:WINDOWSmswsc20.dll
2008-06-15 12:45:33 24320 --a------ C:WINDOWSmswsc10.dll
2008-06-15 12:45:33 27136 --a------ C:WINDOWSmsupdate.exe
2008-06-15 12:45:33 20480 --a------ C:WINDOWSmssys.exe
2008-06-15 12:45:32 12800 --a------ C:WINDOWSmsspi.dll
2008-06-15 12:45:32 22016 --a------ C:WINDOWSmsconfd.dll
2008-06-15 12:45:32 28928 --a------ C:WINDOWSloader.exe
2008-06-15 12:45:32 23552 --a------ C:WINDOWSinternet.exe
2008-06-15 12:45:31 23296 --a------ C:WINDOWSinetinf.exe
2008-06-15 12:45:31 16384 --a------ C:WINDOWSiexplorer.exe
2008-06-15 12:45:31 25856 --a------ C:WINDOWSiedll.exe
2008-06-15 12:45:31 18432 --a------ C:WINDOWShelpcvs.exe
2008-06-15 12:45:30 16384 --a------ C:WINDOWSgfmnaaa.dll
2008-06-15 12:45:30 16896 --a------ C:WINDOWSfunny.exe
2008-06-15 12:45:30 29184 --a------ C:WINDOWSfunniest.exe
2008-06-15 12:45:30 11008 --a------ C:WINDOWSexplorer32.exe
2008-06-15 12:45:30 8448 --a------ C:WINDOWSexplore.exe
2008-06-15 12:45:30 11520 --a------ C:WINDOWSeditpad.exe
2008-06-15 12:45:29 15360 --a------ C:WINDOWSdnsrelay.dll
2008-06-15 12:45:29 23040 --a------ C:WINDOWSdirectx32.exe
2008-06-15 12:45:29 17152 --a------ C:WINDOWSctrlpan.dll
2008-06-15 12:45:29 26112 --a------ C:WINDOWSctfmon32.exe
2008-06-15 12:45:29 32512 --a------ C:WINDOWScpan.dll
2008-06-15 12:45:28 16896 --a------ C:WINDOWSclrssn.exe
2008-06-15 12:45:28 18176 --a------ C:WINDOWSavpcc.dll
2008-06-15 12:45:28 11520 --a------ C:WINDOWSaccesss.exe
2008-06-15 12:38:51 41724 ---hs---- C:Program FilesCommon FilesYazzle1552OinUninstaller.exe
2008-06-15 12:38:09 0 d-------- C:Program FilesiCheck
2008-06-15 12:38:09 0 d-------- C:Program FilesGetModule
2008-06-15 12:38:01 0 d-------- C:WINDOWSsystem32netrax06
2008-06-15 12:38:00 0 d-------- C:Temp
2008-06-15 12:37:47 0 d-------- C:Program FileswebHancer
2008-06-15 12:37:25 0 d-------- C:Program FilesuTorrent
2008-06-15 12:37:03 4 --a------ C:WINDOWSsystem32hljwugsf.bin
2008-06-15 12:37:00 90073 --a------ C:WINDOWSsystem32iftuyszv.exe <Not Verified; Microsoft; XML Media>
2008-06-13 23:45:43 8780 --a------ C:WINDOWSsystem32000090.exe
2008-06-13 23:44:23 229516 --a------ C:WINDOWSsystem32000070.exe
2008-06-13 23:42:40 209496 --a------ C:WINDOWSsystem32000080.exe
2008-06-13 16:12:54 187904 ---hs---- C:Program FilesCommon FilesYazzle1552OinAdmin.exe
2008-06-03 11:46:11 0 d-------- C:WINDOWSsystem32Adobe
2008-05-29 22:28:24 0 d-------- C:Program FilesNetSeal
2008-05-17 09:14:54 0 d-------- C:WINDOWSsystem32LogFiles
2008-05-17 09:14:28 0 d-------- C:Program FilesCHESSeCLOCK


-- Find3M Report ---------------------------------------------------------------

2008-06-15 14:36:29 0 d-------- C:Program FilesCommon Files
2008-06-15 12:39:23 0 d-------- C:Program FilesTrillian
2008-06-15 12:38:42 0 d-------- C:Program FilesFull Tilt Poker
2008-06-15 12:21:08 0 d-------- C:Program Filesxnews
2008-06-13 22:55:47 0 d-------- C:Program FilesCommon FilesSymantec Shared
2008-06-08 07:15:55 0 d--h----- C:Program FilesZero G Registry
2008-06-08 07:00:49 0 d-------- C:Documents and SettingsDon WalshApplication DataWeatherBug
2008-06-05 15:48:47 0 d-------- C:Documents and SettingsDon WalshApplication DataCanon
2008-06-03 13:06:21 0 d-------- C:Documents and SettingsDon WalshApplication DataAdobe
2008-05-17 09:15:01 2269 --a------ C:WINDOWSsystem32msdnf32.dll
2008-05-17 09:14:08 311296 -----n--- C:WINDOWSSetup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2008-05-17 09:14:07 73216 --a------ C:WINDOWSST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-04-06 09:06:54 4212 ---h----- C:WINDOWSsystem32zllictbl.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE~Browser Helper Objects{00110011-4b0b-44d5-9718-90c88817369b}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{086ae192-23a6-48d6-96ec-715f53797e85}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{150fa160-130d-451f-b863-b655061432ba}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{2d38a51a-23c9-48a1-a33c-48675aa2b494}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{2e9caff6-30c7-4208-8807-e79d4ec6f806}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{5321e378-ffad-4999-8c62-03ca8155f0b3}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{587dbf2d-9145-4c9e-92c2-1f953da73773}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{799a370d-5993-4887-9df7-0a4756a77d00}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{a55581dc-2cdb-4089-8878-71a080b22342}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{c900b400-cdfe-11d3-976a-00e02913a9e0}]
10/11/2007 01:49 PM 159744 --a------ C:Program FileswebHancerprogramswhiehlpr.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{cf021f40-3e14-23a5-cba2-717765721306}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{e7afff2a-1b57-49c7-bf6b-e5123394c970}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{fd9bc004-8331-4457-b830-4759ff704c22}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"StorageGuard"="C:Program FilesCommon FilesSonicUpdate Managersgtray.exe" [02/13/2003 03:01 AM]
"PCMService"="C:Program FilesDellMedia ExperiencePCMService.exe" [08/26/2003 09:47 PM]
"OpwareSE2"="C:Program FilesScanSoftOmniPageSE2.0OpwareSE2.exe" [05/08/2003 12:00 PM]
"mmtask"="c:Program FilesMusicMatchMusicMatch Jukeboxmmtask.exe" [10/06/2003 12:05 PM]
"ccApp"="C:Program FilesCommon FilesSymantec SharedccApp.exe" [01/17/2008 12:42 PM]
"Symantec NetDriver Monitor"="C:PROGRA~1SYMNET~1SNDMon.exe" [12/26/2005 05:57 PM]
"Advanced Tools Check"="C:PROGRA~1NORTON~1AdvToolsADVCHK.EXE" [01/10/2005 01:20 PM]
"ZoneAlarm Client"="C:Program FilesZone LabsZoneAlarmzlclient.exe" [03/13/2008 11:11 PM]
"SunJavaUpdateSched"="C:Program FilesJavajre1.6.0_03binjusched.exe" [09/25/2007 02:11 AM]
"QuickTime Task"="C:Program FilesQuickTimeqttask.exe" [10/19/2007 09:16 PM]
"Adobe Reader Speed Launcher"="C:Program FilesAdobeReader 8.0ReaderReader_sl.exe" [01/11/2008 11:16 PM]
"webHancer Agent"="C:Program FileswebHancerProgramswhagent.exe" [10/11/2007 01:49 PM]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"Sonic RecordNow!"="" []
"TClockEx"="C:Program FilesTClockExTCLOCKEX.EXE" [03/09/2000 01:15 AM]
"updateMgr"="C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe" []
"Weather"="C:Program FilesAWSWeatherBugWeather.exe" [09/30/2005 04:27 PM]
"Microsoft Windows Installer"="C:Documents and SettingsDon WalshApplication DataMicrosoftdtsc15200.exe" [06/15/2008 12:37 PM]
"GetModule18"="C:Program FilesGetModuleGetModule18.exe" [06/09/2008 05:40 PM]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogon]
"Userinit"="C:WINDOWSsystem32userinit.exe,C:WINDOWSsystem32iftuyszv.exe,"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalaawservice]
@="Service"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalvds]
@="Service"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartupMicrosoft Office.lnk
backup=C:WINDOWSpssMicrosoft Office.lnkCommon Startup




-- End of Deckard's System Scanner: finished at 2008-06-15 15:04:56 ------------


and here's report 2:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 42%
Physical Memory (total/avail): 1533.98 MiB / 878.35 MiB
Pagefile Memory (total/avail): 2155.56 MiB / 1627.46 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.52 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.21 GiB total, 15.54 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

.PHYSICALDRIVE0 - ST340014A - 37.25 GiB - 2 partitions
PARTITION0 - Unknown - 31.35 MiB
PARTITION1 (bootable) - Installable File System - 37.21 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
AntivirusOverride is set.

FW: Norton Internet Worm Protection v2005 (Symantec)
FW: ZoneAlarm Firewall v7.0.470.000 (Check Point, LTD.)
AV: Norton AntiVirus 2005 v2005 (Symantec Corporation)

[HKLMSystemCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]

[HKLMSystemCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:Documents and SettingsAll Users
APPDATA=C:Documents and SettingsDon WalshApplication Data
CLASSPATH=.;C:Program FilesJavajre1.6.0_03libextQTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:Program FilesCommon Files
COMPUTERNAME=DONS-DELL
ComSpec=C:WINDOWSsystem32cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=Documents and SettingsDon Walsh
LOGONSERVER=DONS-DELL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:WINDOWSsystem32;C:WINDOWS;C:WINDOWSSystem32Wbem;C:Program FilesCommon FilesAutodesk Shared;C:Program FilesQuickTimeQTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:Program Files
PROMPT=$P$G
QTJAVA=C:Program FilesJavajre1.6.0_03libextQTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:WINDOWS
TEMP=C:DOCUME~1DONWAL~1LOCALS~1Temp
TMP=C:DOCUME~1DONWAL~1LOCALS~1Temp
tvdumpflags=8
USERDOMAIN=DONS-DELL
USERNAME=Don Walsh
USERPROFILE=C:Documents and SettingsDon Walsh
windir=C:WINDOWS


-- User Profiles ---------------------------------------------------------------

Don Walsh (admin)
Stephanie Walsh (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:Program FilesCommon FilesRealUpdate_OBr1puninst.exe RealNetworks|RealPlayer|6.0
--> C:Program FilesDivXConverterUninstall.exe /CONVERTER
--> C:WINDOWSIsUninst.exe -fC:WINDOWSorun32.isu
--> C:WINDOWSSystem32MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:WINDOWSSystem32MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:WINDOWSSystem32MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
ABC Amber LIT Converter --> C:PROGRA~1ABCAMB~1UNWISE.EXE C:PROGRA~1ABCAMB~1INSTALL.LOG
AC3Filter (remove only) --> C:Program FilesAC3Filteruninstall.exe
Ad-Aware 2007 --> MsiExec.exe /X{E31C348B-63A9-4CBF-8D7F-D932ABB63244}
Adobe Flash Player ActiveX --> C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Photoshop 5.5 --> C:WINDOWSISUNINST.EXE -f"C:Program FilesAdobePhotoshop 5.5Uninst.isu" -c"C:Program FilesAdobePhotoshop 5.5Uninst.dll"
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:WINDOWSSYSTEM32AdobeSHOCKW~1UNWISE.EXE C:WINDOWSSYSTEM32AdobeSHOCKW~1Install.log
AlgoLab R2V Conversion Toolkit 2.92 --> C:PROGRA~1ALGOLA~1UNWISE.EXE C:PROGRA~1ALGOLA~1INSTALL.LOG
AnswerWorks Runtime --> C:WINDOWSIsUninst.exe -f"C:Program FilesWexTechAnswerWorksUninst.isu"
AOL Instant Messenger --> C:Program FilesAIMuninstll.exe -LOG= C:Program FilesAIMinstall.log -OEM=
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AutoCAD 2006 - English --> MsiExec.exe /I{5783F2D7-4001-0409-0002-0060B0CE6BBA}
AutoCAD LT 2002 --> MsiExec.exe /I{5783F2D7-0109-0409-0000-0060B0CE6BBA}
AutoCAD LT 2005 - English --> MsiExec.exe /I{5783F2D7-0309-0409-0002-0060B0CE6BBA}
Autodesk DWF Viewer --> C:PROGRA~1AutodeskAUTODE~1Setup.exe /remove
AvantGo Client --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime0901Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{A90DCEC1-22DE-11D4-B8A9-0050DAB648C6}setup.exe" -l0x9 CP
Canon MP Drivers 6.0 --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{3FF3DD04-F386-46B0-97FC-B86238B65487}Setup.exe" -l0x9 -Uninstall
Canon MP Navigator 1.0 --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{109AB81D-9732-40B3-9C1F-113A86CE6F93}setup.exe" /SUUninstall
Canon ScanGear Starter --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{18A5DFF2-8A95-49F3-873F-743CB5549F3D}setup.exe" -l0x9 anything
Canon Utilities Easy-PhotoPrint --> C:Program FilesCanonEasy-PhotoPrintuninst.exe C:Program FilesCanonEasy-PhotoPrintuninst.ini
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
Colossus --> C:WINDOWSsystem32javaws.exe -uninstall -prompt "http://colossus.sf.net/Colossus.jnlp"
Conexant SmartHSFi V.9x 56K DF PCI Modem --> C:Program FilesCONEXANTCNXT_MODEM_PCI_VEN_14F1&DEV_2702HXFSETUP.EXE -U -IDel8d8xk.INF
Dell Digital Jukebox Driver --> C:Program FilesDellDigital Jukebox DriversDrvUnins.exe /s
Dell Media Experience --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{2637C347-9DAD-11D6-9EA2-00055D0CA761}setup.exe" -uninstall
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Digital Line Detect --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{E646DCF0-5A68-11D5-B229-002078017FBF}setup.exe" -l0x9 ControlPanelAnyText
DivX Codec --> C:Program FilesDivXDivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:Program FilesDivXDivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:Program FilesDivXConverterUninstall.exe /CONVERTER
DivX Player --> C:Program FilesDivXDivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:Program FilesDivXDivXWebPlayerUninstall.exe /PLUGIN
Documents To Go --> MsiExec.exe /X{50EE3E64-FE60-4803-BCDC-A8CD6830D185}
DuctLite --> C:WINDOWSuninst.exe -f"C:Program FilesDuctLiteDeIsL1.isu" -c"C:Program FilesDuctLite_ISREG32.DLL"
DVDSentry --> MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
DWG TrueConvert™ --> MsiExec.exe /X{5783F2D7-0221-0409-0000-0060B0CE6BBA}
DWG TrueView 2008 --> C:Program FilesDWG TrueView 2008SetupSetup.exe /P {B1A9CD45-A702-4E3B-91ED-8CD562869901} /M AOEM
Easy-WebPrint --> C:WINDOWSIsUninst.exe -f"C:Program FilesCanonEasy-WebPrintUninst.isu"
Executor-Win32 Demo --> C:WINDOWSIsUninst.exe -fc:ExecDemo32Uninst.isu
Fade Team Acedior for PalmOS --> C:WINDOWSctpu.exe -uC:Program FilesFade TeamAcediorinstall.log -lC:WINDOWSResENU.dll
FontSmoother 1.69 --> "C:Program FilesFontSmootherunins000.exe"
Full Tilt Poker --> "C:Program FilesInstallShield Installation Information{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}setup.exe" -runfromtemp -l0x0009 -removeonly
GenoPro --> C:Program FilesGenoProUninstall.exe
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:Program FilesTrend MicroHijackThisHijackThis.exe" /uninstall
Hill 218 --> C:WINDOWSsystem32javaws.exe -uninstall -prompt "http://www.honte.org/Hill_218/Hill_218.jnlp"
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:WINDOWSsystem32ialmrem.dll,UninstallW2KIGfx PCIVEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
Internet Speed Monitor --> C:Program FilesiCheckUninstall.exe
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
IrfanView (remove only) --> C:Program FilesIrfanViewiv_uninstall.exe
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Online Scanner --> C:WINDOWSsystem32Kaspersky LabKaspersky Online Scannerkavuninstall.exe
Learn2 Player (Uninstall Only) --> C:Program FilesLearn2.comStRunnerstuninst.exe
LiveReg (Symantec Corporation) --> C:Program FilesCommon FilesSymantec SharedLiveRegVCSetup.exe /REMOVE
LiveUpdate 3.0 (Symantec Corporation) --> "C:Program FilesSymantecLiveUpdateLSETUP.EXE" /U
Microsoft Data Access Components KB870669 --> C:WINDOWSmuninst.exe C:WINDOWSINFKB870669.inf
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Reader --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{B6F7DBE7-2FE2-458F-A738-B10832746036}Setup.exe" -L0x9
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFmsTTSa22.inf, Uninstall
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Modem Helper --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{7F142D56-3326-11D5-B229-002078017FBF}setup.exe" -l0x9 ControlPanel
MONOPOLY HERE & NOW EDITION --> "C:Program FilesRealArcadeInstallerbingameinstaller.exe" "C:Program FilesRealArcadeInstallerinstallerMain.clf" "C:Program FilesRealArcadeInstalleruninstallMONOPOLY HERE & NOW EDITION.rguninst"
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:WINDOWSINFmsninst.inf,Uninstall
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MUSICMATCH® Jukebox --> C:PROGRA~1MUSICM~1MUSICM~2unmatch.exe
Netflix Movie Viewer --> MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
NetSeal --> MsiExec.exe /I{672DD10E-8E30-432E-95EC-A0595DA94CA5}
NetWaiting --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{3F92ABBB-6BBF-11D5-B229-002078017FBF}setup.exe" -l0x9 ControlPanelAnyText
Neuview Standard and Professional 6.07 --> "C:Program FilesQO DevelopmentsNeuview Media Playerunins000.exe"
Norton AntiVirus 2005 --> MsiExec.exe /X{C6B28661-7910-442E-ADDD-72EAA8395380}
Norton AntiVirus 2005 (Symantec Corporation) --> C:Program FilesCommon FilesSymantec SharedSymSetup{C6B28661-7910-442E-ADDD-72EAA8395380}.exe /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
OmniPage SE 2.0 --> MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
Outerinfo --> "C:Program FilesCommon FilesYazzle1552OinUninstaller.exe"
Palm --> MsiExec.exe /X{ADAED43C-BBD9-42C5-8B21-F4FBFA81E3C3}
Panda TotalScan --> C:WINDOWSsystem32Panda SoftwareActiveScan2ascuninst.exe
Pdf995 --> C:Program Filespdf995setup.exe uninstall
PdfEdit995 --> C:Program Filespdf995resutilitiesthinsetup.exe - uninstall
Poker Journal v1.5 --> C:WINDOWSsystem32pInstaller.exe /u "C:WINDOWSsystem32Poker Journal v1.5.un0"
PowerDVD --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}setup.exe" -uninstall
Presto! PageManager 6.03 --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{5BE42A03-E7B8-42A9-B1BB-FC48B03D58B8}Setup.exe" -l0x9 anything
QuickSize --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{5CB2C26A-3A5E-4D0A-A769-E0FC535711DC}setup.exe"
QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
RealArcade --> "C:Program FilesRealArcadeInstallerbingameinstaller.exe" "C:Program FilesRealArcadeInstallerinstallerMain.clf" "C:Program FilesRealArcadeInstalleruninstallRealArcade.rguninst"
RealPlayer --> C:Program FilesCommon FilesRealUpdate_OBr1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:WINDOWS$NtUninstallKB898458$spuninstspuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:WINDOWS$NtUninstallKB923723$spuninstspuninst.exe"
Shockwave --> C:WINDOWSSYSTEM32MacromedSHOCKW~1UNWISE.EXE C:WINDOWSSYSTEM32MacromedSHOCKW~1Install.log
Signature995 --> C:Program Filespdf995resutilitiesSignature995thinsetup.exe - uninstall
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy 1.4 --> "C:Program FilesSpybot - Search & Destroyunins000.exe"
StuffIt Standard --> C:PROGRA~1COMMON~1INSTAL~1Driver10INTEL3~1IDriver.exe /M{40ABF1E0-8B6F-4D32-B343-E19FA2F04B3C}
Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
TClockEx --> "C:Program FilesTClockExunins000.exe"
Trillian --> C:Program FilesTrilliantrillian.exe /uninstall
VideoLAN VLC media player 0.8.6c --> C:Program FilesVideoLANVLCuninstall.exe
Virtools 3D Life Player --> C:Program FilesVirtools3D Life PlayerWebplayerConfig.exe -u
Volo View Express --> C:WINDOWSuninst.exe -f"C:Program FilesVolo View ExpressDeIsL1.isu"
WavePDB 1.5.3 --> "C:Program FilesCnPUG-WavePDBunins000.exe"
WeatherBug --> C:PROGRA~1AWSWEATHE~1REMOVE.EXE C:PROGRA~1AWSWEATHE~1INSTALL.LOG
webHancer Customer Companion --> C:Program FileswebHancerProgramswhInstaller.exe -uninstall
WinRAR archiver --> C:Program FilesWinRARuninstall.exe
WinZip --> "C:Program FilesWinZipWINZIP32.EXE" /uninstall
WM Recorder 11.3 --> C:Program FilesWMR11Uninstal.exe
WordPerfect Office 11 --> MsiExec.exe /I{54F90B55-BEB3-4F0D-8802-228822FA5921}
Yahoo! Address AutoComplete --> C:WINDOWSSystem32regsvr32 /u /s C:PROGRA~1Yahoo!Commonyaddbook.dll
Yahoo! Install Manager --> C:WINDOWSSystem32regsvr32 /u C:WINDOWSDOWNLO~1YINSTH~1.DLL
Yahoo! Internet Mail --> C:WINDOWSSystem32regsvr32 /u /s C:PROGRA~1Yahoo!Commonymmapi.dll
ZoneAlarm --> C:Program FilesZone LabsZoneAlarmzauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type10358 / Error
Event Submitted/Written: 06/03/2008 01:31:34 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module pngfilt.dll, version 6.0.2900.3314, fault address 0x000049ce.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type10312 / Error
Event Submitted/Written: 06/01/2008 07:19:21 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type10311 / Error
Event Submitted/Written: 06/01/2008 07:19:21 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type10268 / Error
Event Submitted/Written: 05/30/2008 02:37:38 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type10229 / Error
Event Submitted/Written: 05/28/2008 05:15:22 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application acad.exe, version 22.2.54.10, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type32639 / Error
Event Submitted/Written: 06/15/2008 02:35:49 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The SAVRT service failed to start due to the following error:
%%31

Event Record #/Type32632 / Error
Event Submitted/Written: 06/15/2008 02:35:32 PM
Event ID/Source: 6 / SAVRT
Event Description:
Incompatible version of SYMEVENT.SYS is loaded.

Event Record #/Type32615 / Error
Event Submitted/Written: 06/15/2008 00:41:36 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The SAVRT service failed to start due to the following error:
%%31

Event Record #/Type32608 / Error
Event Submitted/Written: 06/15/2008 00:41:32 PM
Event ID/Source: 6 / SAVRT
Event Description:
Incompatible version of SYMEVENT.SYS is loaded.

Event Record #/Type32575 / Error
Event Submitted/Written: 06/15/2008 00:31:43 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The SAVRT service failed to start due to the following error:
%%31



-- End of Deckard's System Scanner: finished at 2008-06-15 15:04:56 ------------

Merged posts. ~ OB

Edited by Orange Blossom, 15 June 2008 - 03:30 PM.


BC AdBot (Login to Remove)

 


#2 Sp0nge

Sp0nge

  • Members
  • 643 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sydney, Australia
  • Local time:04:03 AM

Posted 15 June 2008 - 07:13 PM

Hi havoc110,

My name is Pat and i'll be taking your log :thumbsup:

I am currently looking over it and will get back to you with some instructions ASAP! :)

Thanks for your patience.

#3 havoc110

havoc110
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 15 June 2008 - 09:35 PM

Thanks Pat.

I just wanted to let you know I will try to respond as soon as possible to your instructions,
but I have a family member in the hospital, so sometimes it might be a little while before
I reply.

Thanks,

don.

#4 Sp0nge

Sp0nge

  • Members
  • 643 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sydney, Australia
  • Local time:04:03 AM

Posted 16 June 2008 - 01:26 AM

Hi Don, (let me know if you'd rather me not call you that)

Best wishes for that family member. I hope they get better! :thumbsup:

Thanks for trying to respond ASAP, I understand, also, if i don't reply within 24 hours, send me a private message as a reminder.

Anyway, on with the fix.

Remove WebHancer

Download LSP-Fix from the following link and save it to a location you can find later if necessary.

LSP-Fix Download Link

Follow these steps to remove Webhancer:

1. Click on start, settings, control panel.

2. Double-click on the Add/Remove Programs icon.

3. Uninstall Webhancer from the listing of programs

4. Delete the following files and directories:

c:\program files\webhancer
c:\windows\webhdll.dll
c:\windows\whagent.inf
c:\windows\whInstaller.exe
c:\windows\whInstaller.ini


If you can not connect to the Internet after removing Webhancer, please run the LSP-Fix program I had you download earlier, and click on the finish button. Reboot and you should be able to get back on.

At this point, Webhancer should now be removed from your computer.

Now, please rescan with DSS and Post the log in a reply here.

Thanks!

Edited by Sp0nge, 16 June 2008 - 01:27 AM.


#5 havoc110

havoc110
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 16 June 2008 - 06:24 AM

OK Pat,

Don is fine. Thanks for your well wishes.

Again, on to the fix:

Webhancer removed from program list in control panel.
I could not delete webhdll.dll and whiehlpr.dll originally from:
c:\program files\webhancer\programs.

but on reboot they were gone.

also the items did not exist in c:\windows, but most of those files
on your list were also in c:\program files\webhancer\programs.

still could not connect to bleepingcomputer.com, so I tried LSP-fix.

LSP-fix indicated no changes. The following appear in the "keep" column.

mswsock.dll
winrnr.dll
rsvpsp.dll

reboot and still unable to get bleepingcomputer.com (other sites work,
did not try a comprehensive test on what does and doesn't work).

my current dss log:

Deckard's System Scanner v20071014.68
Run by Don Walsh on 2008-06-16 07:09:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Don Walsh.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:09:36 AM, on 6/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Documents and Settings\Don Walsh\Application Data\Microsoft\dtsc\15200.exe
C:\Program Files\GetModule\GetModule18.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Trillian\trillian.exe
C:\Documents and Settings\Don Walsh\Application Data\Microsoft\dtsc\15200.exe
C:\Documents and Settings\Don Walsh\Application Data\Microsoft\dtsc\15200.exe
C:\Documents and Settings\Don Walsh\Application Data\Microsoft\dtsc\15200.exe
C:\Documents and Settings\Don Walsh\Application Data\Microsoft\dtsc\15200.exe
C:\Documents and Settings\Don Walsh\Application Data\Microsoft\dtsc\15200.exe
C:\Documents and Settings\Don Walsh\Application Data\Microsoft\dtsc\15200.exe
C:\Documents and Settings\Don Walsh\Application Data\Microsoft\dtsc\15200.exe
C:\Documents and Settings\Don Walsh\Application Data\Microsoft\dtsc\15200.exe
C:\Documents and Settings\Don Walsh\Application Data\Microsoft\dtsc\15200.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Don Walsh\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\DONWAL~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\Don Walsh\Application Data\Microsoft\dtsc\15200.exe
O4 - HKCU\..\Run: [GetModule18] "C:\Program Files\GetModule\GetModule18.exe"
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O8 - Extra context menu item: Convert to Palm e-Book - C:\Program Files\CnPUG-WavePDB\WavePDB.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v44/scrab...rabblecubes.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installd...leanerstart.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data Transfer Control) - http://racing.youbet.com/wr_6_2/controls/ybrequest.cab
O16 - DPF: {6741FA2E-5E72-11D9-B8D3-A78832C1C537} (Generator7.IonSaliuGen7) - http://www.saliu.com/Generator7.CAB
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183147794796
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mail.leesallee.com/Remote/msrdp.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD LT 2002\AcDcToday.ocx
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldwinner.com/games/v45/wo...jo/wordmojo.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD LT 2002\InstBanr.ocx
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v44/royal/royal.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD LT 2002\InstFred.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {CF7BD15D-60A8-11D8-B8D1-B7651DB32741} (Calculator.IonOddsCalc) - http://www.saliu.com/Calculator.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/activex/v...acheManager.CAB
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 15152 bytes

-- Files created between 2008-05-16 and 2008-06-16 -----------------------------

2008-06-15 12:45:39 9216 --a------ C:\WINDOWS\y.exe
2008-06-15 12:45:38 16128 --a------ C:\WINDOWS\xplugin.dll
2008-06-15 12:45:38 28672 --a------ C:\WINDOWS\x.exe
2008-06-15 12:45:38 10752 --a------ C:\WINDOWS\winmgnt.exe
2008-06-15 12:45:37 22272 --a------ C:\WINDOWS\window.exe
2008-06-15 12:45:37 15104 --a------ C:\WINDOWS\winajbm.dll
2008-06-15 12:45:37 27392 --a------ C:\WINDOWS\win64.exe
2008-06-15 12:45:37 12288 --a------ C:\WINDOWS\win32e.exe
2008-06-15 12:45:37 12800 --a------ C:\WINDOWS\waol.exe
2008-06-15 12:45:36 20224 --a------ C:\WINDOWS\users32.exe
2008-06-15 12:45:36 10496 --a------ C:\WINDOWS\time.exe
2008-06-15 12:45:36 16640 --a------ C:\WINDOWS\systemcritical.exe
2008-06-15 12:45:36 9216 --a------ C:\WINDOWS\systeem.exe
2008-06-15 12:45:36 31744 --a------ C:\WINDOWS\svcinit.exe
2008-06-15 12:45:35 27648 --a------ C:\WINDOWS\svchost32.exe
2008-06-15 12:45:35 10496 --a------ C:\WINDOWS\sistem.exe
2008-06-15 12:45:35 11776 --a------ C:\WINDOWS\searchword.dll
2008-06-15 12:45:35 20736 --a------ C:\WINDOWS\rundll16.exe
2008-06-15 12:45:35 11520 --a------ C:\WINDOWS\quicken.exe
2008-06-15 12:45:34 21760 --a------ C:\WINDOWS\qttasks.exe
2008-06-15 12:45:34 22528 --a------ C:\WINDOWS\olehelp.exe
2008-06-15 12:45:34 13056 --a------ C:\WINDOWS\notepad32.exe
2008-06-15 12:45:34 26880 --a------ C:\WINDOWS\mtwirl32.dll
2008-06-15 12:45:33 24064 --a------ C:\WINDOWS\mswsc20.dll
2008-06-15 12:45:33 24320 --a------ C:\WINDOWS\mswsc10.dll
2008-06-15 12:45:33 27136 --a------ C:\WINDOWS\msupdate.exe
2008-06-15 12:45:33 20480 --a------ C:\WINDOWS\mssys.exe
2008-06-15 12:45:32 12800 --a------ C:\WINDOWS\msspi.dll
2008-06-15 12:45:32 22016 --a------ C:\WINDOWS\msconfd.dll
2008-06-15 12:45:32 28928 --a------ C:\WINDOWS\loader.exe
2008-06-15 12:45:32 23552 --a------ C:\WINDOWS\internet.exe
2008-06-15 12:45:31 23296 --a------ C:\WINDOWS\inetinf.exe
2008-06-15 12:45:31 16384 --a------ C:\WINDOWS\iexplorer.exe
2008-06-15 12:45:31 25856 --a------ C:\WINDOWS\iedll.exe
2008-06-15 12:45:31 18432 --a------ C:\WINDOWS\helpcvs.exe
2008-06-15 12:45:30 16384 --a------ C:\WINDOWS\gfmnaaa.dll
2008-06-15 12:45:30 16896 --a------ C:\WINDOWS\funny.exe
2008-06-15 12:45:30 29184 --a------ C:\WINDOWS\funniest.exe
2008-06-15 12:45:30 11008 --a------ C:\WINDOWS\explorer32.exe
2008-06-15 12:45:30 8448 --a------ C:\WINDOWS\explore.exe
2008-06-15 12:45:30 11520 --a------ C:\WINDOWS\editpad.exe
2008-06-15 12:45:29 15360 --a------ C:\WINDOWS\dnsrelay.dll
2008-06-15 12:45:29 23040 --a------ C:\WINDOWS\directx32.exe
2008-06-15 12:45:29 17152 --a------ C:\WINDOWS\ctrlpan.dll
2008-06-15 12:45:29 26112 --a------ C:\WINDOWS\ctfmon32.exe
2008-06-15 12:45:29 32512 --a------ C:\WINDOWS\cpan.dll
2008-06-15 12:45:28 16896 --a------ C:\WINDOWS\clrssn.exe
2008-06-15 12:45:28 18176 --a------ C:\WINDOWS\avpcc.dll
2008-06-15 12:45:28 11520 --a------ C:\WINDOWS\accesss.exe
2008-06-15 12:38:51 41724 ---hs---- C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
2008-06-15 12:38:09 0 d-------- C:\Program Files\iCheck
2008-06-15 12:38:09 0 d-------- C:\Program Files\GetModule
2008-06-15 12:38:01 0 d-------- C:\WINDOWS\system32\netrax06
2008-06-15 12:38:00 0 d-------- C:\Temp
2008-06-15 12:37:25 0 d-------- C:\Program Files\uTorrent
2008-06-15 12:37:03 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-06-15 12:37:00 90073 --a------ C:\WINDOWS\system32\iftuyszv.exe <Not Verified; Microsoft; XML Media>
2008-06-13 23:45:43 8780 --a------ C:\WINDOWS\system32\000090.exe
2008-06-13 23:44:23 229516 --a------ C:\WINDOWS\system32\000070.exe
2008-06-13 23:42:40 209496 --a------ C:\WINDOWS\system32\000080.exe
2008-06-13 16:12:54 187904 ---hs---- C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
2008-06-03 11:46:11 0 d-------- C:\WINDOWS\system32\Adobe
2008-05-29 22:28:24 0 d-------- C:\Program Files\NetSeal
2008-05-17 09:14:54 0 d-------- C:\WINDOWS\system32\LogFiles
2008-05-17 09:14:28 0 d-------- C:\Program Files\CHESSeCLOCK


-- Find3M Report ---------------------------------------------------------------

2008-06-16 07:01:45 0 d-------- C:\Program Files\Common Files
2008-06-15 12:39:23 0 d-------- C:\Program Files\Trillian
2008-06-15 12:38:42 0 d-------- C:\Program Files\Full Tilt Poker
2008-06-15 12:21:08 0 d-------- C:\Program Files\xnews
2008-06-13 22:55:47 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-08 07:15:55 0 d--h----- C:\Program Files\Zero G Registry
2008-06-08 07:00:49 0 d-------- C:\Documents and Settings\Don Walsh\Application Data\WeatherBug
2008-06-05 15:48:47 0 d-------- C:\Documents and Settings\Don Walsh\Application Data\Canon
2008-06-03 13:06:21 0 d-------- C:\Documents and Settings\Don Walsh\Application Data\Adobe
2008-05-17 09:15:01 2269 --a------ C:\WINDOWS\system32\msdnf32.dll
2008-05-17 09:14:08 311296 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2008-05-17 09:14:07 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-04-06 09:06:54 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [02/13/2003 03:01 AM]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [08/26/2003 09:47 PM]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [05/08/2003 12:00 PM]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [10/06/2003 12:05 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/17/2008 12:42 PM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [12/26/2005 05:57 PM]
"Advanced Tools Check"="C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [01/10/2005 01:20 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/13/2008 11:11 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/19/2007 09:16 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"TClockEx"="C:\Program Files\TClockEx\TCLOCKEX.EXE" [03/09/2000 01:15 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [09/30/2005 04:27 PM]
"Microsoft Windows Installer"="C:\Documents and Settings\Don Walsh\Application Data\Microsoft\dtsc\15200.exe" [06/15/2008 12:37 PM]
"GetModule18"="C:\Program Files\GetModule\GetModule18.exe" [06/09/2008 05:40 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup




-- End of Deckard's System Scanner: finished at 2008-06-16 07:11:40 ------------


thanks,

don

#6 Sp0nge

Sp0nge

  • Members
  • 643 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sydney, Australia
  • Local time:04:03 AM

Posted 17 June 2008 - 01:43 AM

Hi Don,

Being unable to access BC.Com is unrelated to Webhancer, we will address this soon.

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

SDFix

Download SDFix and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(this is the drive that contains the Windows Directory, typically C:\SDFix). DO NOT use it just yet.

Reboot your computer in SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log.
ComboFix

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
For more information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

So in your next reply, please include:

  • The Combofix Log
  • The SDFix Report


#7 havoc110

havoc110
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 17 June 2008 - 06:34 AM

Pat,

I am having no ends of problems with SDFix.

1st, it would not extract onto my pc. I extracted in on another PC and moved it.

2nd, I thought the screensaver came up and interrupted the SDFix Run. So I rebooted
and disabled the screensaver. Problem was the screensaver still came up and
I thought that caused SDFix to hang.

So I started a third time, only to lock up before hitting "Y" to start.

So I started (each time requires a reboot into safe mode) again, with the intent
to keep the mouse moving while it is running, only to have it stop about 5 minutes
in (drive light off). Now it is like 15-20 minutes later.

The window reads:

Starting Repairs

Checking Running Processes and Services

<<flashing cursor>>

How should I proceed?

Don.

UPDATE: It now reads "Please be Patient as this may take up to 20 minutes"

So apparently it is still going.

Will update again, hopefully with log files. Don.

Here is the SDFix Report log file:


SDFix: Version 1.193
Run by Don Walsh on Tue 06/17/2008 at 07:38 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'
Killing PID 784 'iftuyszv.exe'

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default Desktop Wallpaper

Rebooting


Checking Files :

Trojan Files Found:

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Contains Links to Malware Sites! - Deleted
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Contains Links to Malware Sites! - Deleted
C:\Program Files\GetModule\GetModule18.exe - Deleted
C:\Program Files\iCheck\iCheck.exe - Deleted
C:\Program Files\iCheck\Uninstall.exe - Deleted
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe - Deleted
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe - Deleted
C:\WINDOWS\x.exe - Deleted
C:\WINDOWS\y.exe - Deleted
C:\WINDOWS\system32\000070.exe - Deleted
C:\WINDOWS\system32\000080.exe - Deleted
C:\WINDOWS\system32\000090.exe - Deleted
C:\WINDOWS\accesss.exe - Deleted
C:\WINDOWS\astctl32.ocx - Deleted
C:\WINDOWS\avpcc.dll - Deleted
C:\WINDOWS\clrssn.exe - Deleted
C:\WINDOWS\cpan.dll - Deleted
C:\WINDOWS\ctfmon32.exe - Deleted
C:\WINDOWS\ctrlpan.dll - Deleted
C:\WINDOWS\default.htm - Deleted
C:\WINDOWS\directx32.exe - Deleted
C:\WINDOWS\dnsrelay.dll - Deleted
C:\WINDOWS\editpad.exe - Deleted
C:\WINDOWS\explore.exe - Deleted
C:\WINDOWS\explorer32.exe - Deleted
C:\WINDOWS\funniest.exe - Deleted
C:\WINDOWS\funny.exe - Deleted
C:\WINDOWS\gfmnaaa.dll - Deleted
C:\WINDOWS\helpcvs.exe - Deleted
C:\WINDOWS\iedll.exe - Deleted
C:\WINDOWS\iexplorer.exe - Deleted
C:\WINDOWS\inetinf.exe - Deleted
C:\WINDOWS\internet.exe - Deleted
C:\WINDOWS\loader.exe - Deleted
C:\WINDOWS\msconfd.dll - Deleted
C:\WINDOWS\msspi.dll - Deleted
C:\WINDOWS\mssys.exe - Deleted
C:\WINDOWS\msupdate.exe - Deleted
C:\WINDOWS\mswsc10.dll - Deleted
C:\WINDOWS\mswsc20.dll - Deleted
C:\WINDOWS\mtwirl32.dll - Deleted
C:\WINDOWS\notepad32.exe - Deleted
C:\WINDOWS\olehelp.exe - Deleted
C:\WINDOWS\qttasks.exe - Deleted
C:\WINDOWS\quicken.exe - Deleted
C:\WINDOWS\rundll16.exe - Deleted
C:\WINDOWS\rundll32.vbe - Deleted
C:\WINDOWS\searchword.dll - Deleted
C:\WINDOWS\sistem.exe - Deleted
C:\WINDOWS\svchost32.exe - Deleted
C:\WINDOWS\svcinit.exe - Deleted
C:\WINDOWS\systeem.exe - Deleted
C:\WINDOWS\systemcritical.exe - Deleted
C:\WINDOWS\system32\hljwugsf.bin - Deleted
C:\WINDOWS\system32\iftuyszv.exe - Deleted
C:\WINDOWS\system32\pac.txt - Deleted
C:\WINDOWS\time.exe - Deleted
C:\WINDOWS\users32.exe - Deleted
C:\WINDOWS\waol.exe - Deleted
C:\WINDOWS\win32e.exe - Deleted
C:\WINDOWS\win64.exe - Deleted
C:\WINDOWS\winajbm.dll - Deleted
C:\WINDOWS\window.exe - Deleted
C:\WINDOWS\winmgnt.exe - Deleted
C:\WINDOWS\xplugin.dll - Deleted
C:\WINDOWS\xxxvideo.hta - Deleted



Folder C:\Program Files\GetModule - Removed
Folder C:\Program Files\iCheck - Removed


Removing Temp Files

ADS Check :



Final Check :


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 9 Mar 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 22 Dec 2004 76,568 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
Thu 13 Jan 2005 11,360 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Mon 2 May 2005 238,080 ...H. --- "C:\Documents and Settings\Don Walsh\Desktop\Don's work\game stuff\~WRL1644.tmp"
Tue 3 Apr 2001 60,416 A..H. --- "C:\Documents and Settings\Don Walsh\Desktop\Don's work\proposals\~WRL0004.tmp"
Wed 9 Mar 2005 4,348 ...H. --- "C:\Documents and Settings\Don Walsh\My Documents\My Music\License Backup\drmv1key.bak"
Wed 10 May 2006 20 A..H. --- "C:\Documents and Settings\Don Walsh\My Documents\My Music\License Backup\drmv1lic.bak"
Wed 9 Mar 2005 400 A.SH. --- "C:\Documents and Settings\Don Walsh\My Documents\My Music\License Backup\drmv2key.bak"
Thu 19 Jun 2003 58,880 A..H. --- "C:\Documents and Settings\Don Walsh\Desktop\Don's work\1400 ny ave\doj 7th floor\~WRL0001.tmp"
Thu 19 Jun 2003 59,392 A..H. --- "C:\Documents and Settings\Don Walsh\Desktop\Don's work\1400 ny ave\doj 7th floor\~WRL0003.tmp"
Tue 10 Dec 2002 54,784 A..H. --- "C:\Documents and Settings\Don Walsh\Desktop\Don's work\sasha bruce\apartments\~WRL0002.tmp"

Finished!

Now I seem to have the windows "sky and field" wallpaper back and there are no annoying messages
in my system tray as yet.

However, ComboFix will not run. I get the security warning, hit OK, then... nothing.

Here is a current HiJackThis Log for review:

Deckard's System Scanner v20071014.68
Run by Don Walsh on 2008-06-17 08:20:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Don Walsh.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:20:11 AM, on 6/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Documents and Settings\Don Walsh\Application Data\Microsoft\dtsc\15200.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Trillian\trillian.exe
C:\Documents and Settings\Don Walsh\Application Data\Microsoft\dtsc\15200.exe
C:\Documents and Settings\Don Walsh\Application Data\Microsoft\dtsc\15200.exe
C:\Documents and Settings\Don Walsh\Application Data\Microsoft\dtsc\15200.exe
C:\Documents and Settings\Don Walsh\Application Data\Microsoft\dtsc\15200.exe
C:\Documents and Settings\Don Walsh\Application Data\Microsoft\dtsc\15200.exe
C:\Documents and Settings\Don Walsh\Application Data\Microsoft\dtsc\15200.exe
C:\Documents and Settings\Don Walsh\Application Data\Microsoft\dtsc\15200.exe
C:\Documents and Settings\Don Walsh\Application Data\Microsoft\dtsc\15200.exe
C:\Documents and Settings\Don Walsh\Application Data\Microsoft\dtsc\15200.exe
C:\Documents and Settings\Don Walsh\Application Data\Microsoft\dtsc\15200.exe
C:\Documents and Settings\Don Walsh\Application Data\Microsoft\dtsc\15200.exe
C:\Documents and Settings\Don Walsh\Application Data\Microsoft\dtsc\15200.exe
C:\Documents and Settings\Don Walsh\Application Data\Microsoft\dtsc\15200.exe
C:\Documents and Settings\Don Walsh\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\DONWAL~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\Don Walsh\Application Data\Microsoft\dtsc\15200.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O8 - Extra context menu item: Convert to Palm e-Book - C:\Program Files\CnPUG-WavePDB\WavePDB.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v44/scrab...rabblecubes.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installd...leanerstart.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data Transfer Control) - http://racing.youbet.com/wr_6_2/controls/ybrequest.cab
O16 - DPF: {6741FA2E-5E72-11D9-B8D3-A78832C1C537} (Generator7.IonSaliuGen7) - http://www.saliu.com/Generator7.CAB
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183147794796
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mail.leesallee.com/Remote/msrdp.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD LT 2002\AcDcToday.ocx
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldwinner.com/games/v45/wo...jo/wordmojo.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD LT 2002\InstBanr.ocx
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v44/royal/royal.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD LT 2002\InstFred.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {CF7BD15D-60A8-11D8-B8D1-B7651DB32741} (Calculator.IonOddsCalc) - http://www.saliu.com/Calculator.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/activex/v...acheManager.CAB
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 13283 bytes

-- Files created between 2008-05-17 and 2008-06-17 -----------------------------

2008-06-17 06:56:19 444 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-17 06:50:40 0 d-------- C:\WINDOWS\ERUNT
2008-06-15 12:38:01 0 d-------- C:\WINDOWS\system32\netrax06
2008-06-15 12:38:00 0 d-------- C:\Temp
2008-06-15 12:37:25 0 d-------- C:\Program Files\uTorrent
2008-06-03 11:46:11 0 d-------- C:\WINDOWS\system32\Adobe
2008-05-29 22:28:24 0 d-------- C:\Program Files\NetSeal
2008-05-17 09:14:54 0 d-------- C:\WINDOWS\system32\LogFiles
2008-05-17 09:14:28 0 d-------- C:\Program Files\CHESSeCLOCK


-- Find3M Report ---------------------------------------------------------------

2008-06-17 08:12:59 0 d-------- C:\Program Files\Common Files
2008-06-15 12:39:23 0 d-------- C:\Program Files\Trillian
2008-06-15 12:38:42 0 d-------- C:\Program Files\Full Tilt Poker
2008-06-15 12:21:08 0 d-------- C:\Program Files\xnews
2008-06-13 22:55:47 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-08 07:15:55 0 d--h----- C:\Program Files\Zero G Registry
2008-06-08 07:00:49 0 d-------- C:\Documents and Settings\Don Walsh\Application Data\WeatherBug
2008-06-05 15:48:47 0 d-------- C:\Documents and Settings\Don Walsh\Application Data\Canon
2008-06-03 13:06:21 0 d-------- C:\Documents and Settings\Don Walsh\Application Data\Adobe
2008-05-17 09:15:01 2269 --a------ C:\WINDOWS\system32\msdnf32.dll
2008-05-17 09:14:08 311296 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2008-05-17 09:14:07 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-04-06 09:06:54 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [02/13/2003 03:01 AM]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [08/26/2003 09:47 PM]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [05/08/2003 12:00 PM]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [10/06/2003 12:05 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/17/2008 12:42 PM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [12/26/2005 05:57 PM]
"Advanced Tools Check"="C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [01/10/2005 01:20 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/13/2008 11:11 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/19/2007 09:16 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"TClockEx"="C:\Program Files\TClockEx\TCLOCKEX.EXE" [03/09/2000 01:15 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [09/30/2005 04:27 PM]
"Microsoft Windows Installer"="C:\Documents and Settings\Don Walsh\Application Data\Microsoft\dtsc\15200.exe" [06/15/2008 12:37 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup




-- End of Deckard's System Scanner: finished at 2008-06-17 08:21:21 ------------

RECAP:
SDFIX seems sucessful: Report Attached
ComboFix: WOULD NOT RUN
New HiJackThis log attached.

will not edit or update again until further directions given.

thanks.

don

SORRY. I said I wouldn't edit again. But I just wanted you to know I ran through
the entire how to guide for combofix, with no success.

Also, I wanted to know what times you may be available, because I will stay up through
the night here if I can get through 2 or maybe even more steps in a 24 hour cycle.
The time difference makes it difficult, but I will either work thru the night here or
wake up in the middle of the night if I know we might be able to proceed quicker.
Currently it is 6pm eastern us time, which i think is 8 am sydney time.

Thanks again for your help.

Edited by havoc110, 17 June 2008 - 04:56 PM.


#8 Sp0nge

Sp0nge

  • Members
  • 643 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sydney, Australia
  • Local time:04:03 AM

Posted 20 June 2008 - 03:36 AM

Hey Don,

Sorry I'm depriving you of sleep. As I said in the PM, please don't feel like you're under any pressure to reply as soon as I do.

If I get a chance to, I will try to reply to you in the mornings, where the time suits you, as you said, around 6pm. I'm usually around from about 4pm to 9pm Australian Eastern Standard Time, don't worry about trying to fit to my schedule.

We don't have much to go by the looks of those logs (hopefully) but these following instructions can tell us more. There are just a few suspicious things I have encountered.

Hijackthis Fixes

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below:

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank << Unless your set this entry.
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\Don Walsh\Application Data\Microsoft\dtsc\15200.exe
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installd...leanerstart.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab


Also check these entries if you uninstalled PartyPoker:
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)


And these entries if you no longer wish to have WeatherBug on your system:
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)



2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Delete Folders

4. Reboot into Safe Mode by continuously tapping the F8 key as soon as the computer begins to boot. A menu should come up where you will be given the option to enter Safe Mode.

5. Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files/folders (if present):

C:\Program Files\AWS <<<- * OPTIONAL * this whole folder if you removed the entries related to WeatherBug.
C:\Documents and Settings\Don Walsh\Application Data\Microsoft\dtsc <<<-this whole folder
C:\Program Files\PartyGaming\PartyPoker <<<-this whole folder but only if you uninstalled it.

When you are finished, please reboot the computer normally, and post a new HijackThis log here in a reply. Also, please let me know of any problems you may have encountered.

Kaspersky Webscanner

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please include the new Hijackthis Log in your reply aswell.

Edited by Sp0nge, 20 June 2008 - 04:14 AM.


#9 havoc110

havoc110
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 20 June 2008 - 07:20 AM

Hey Pat,

You haven't deprived me of a minute's sleep. Don't worry about it.

Ran the HiJackThis Fixes.

My IE still has the following problems:

cannot connect to bc.com
cannot connect to kaspersky website
yahoo search results being redirected.

In addition, when the DSS scanner runs. My Norton AV pops up with
MALICIOUS SCRIPT DETECTED.

C:\documen~\...\lnkread.vbs

It is recommended to stop this script (so that's what I do).
This has happened each time I run DSS.

It did not occur when I ran HiJackThis to do the scan and fix.

Obviously I could not run the Kaspersky scanner, so there is no log for that.

On the surface, my machine is pretty much behaving the same as before this step.
(the wallpaper and system tray messages stopped appearing several steps prior,
and none of the IE problems have gone away).

here is the HiJack Log:

Deckard's System Scanner v20071014.68
Run by Don Walsh on 2008-06-20 07:56:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Don Walsh.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:56:54 AM, on 6/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Trillian\trillian.exe
C:\Documents and Settings\Don Walsh\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\DONWAL~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O8 - Extra context menu item: Convert to Palm e-Book - C:\Program Files\CnPUG-WavePDB\WavePDB.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v44/scrab...rabblecubes.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data Transfer Control) - http://racing.youbet.com/wr_6_2/controls/ybrequest.cab
O16 - DPF: {6741FA2E-5E72-11D9-B8D3-A78832C1C537} (Generator7.IonSaliuGen7) - http://www.saliu.com/Generator7.CAB
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183147794796
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mail.leesallee.com/Remote/msrdp.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD LT 2002\AcDcToday.ocx
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldwinner.com/games/v45/wo...jo/wordmojo.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD LT 2002\InstBanr.ocx
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v44/royal/royal.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD LT 2002\InstFred.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {CF7BD15D-60A8-11D8-B8D1-B7651DB32741} (Calculator.IonOddsCalc) - http://www.saliu.com/Calculator.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/activex/v...acheManager.CAB
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 11039 bytes

-- Files created between 2008-05-20 and 2008-06-20 -----------------------------

2008-06-17 06:56:19 444 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-17 06:50:40 0 d-------- C:\WINDOWS\ERUNT
2008-06-15 12:38:01 0 d-------- C:\WINDOWS\system32\netrax06
2008-06-15 12:38:00 0 d-------- C:\Temp
2008-06-15 12:37:25 0 d-------- C:\Program Files\uTorrent
2008-06-03 11:46:11 0 d-------- C:\WINDOWS\system32\Adobe
2008-05-29 22:28:24 0 d-------- C:\Program Files\NetSeal


-- Find3M Report ---------------------------------------------------------------

2008-06-20 07:48:07 0 d-------- C:\Program Files\Common Files
2008-06-20 07:46:26 0 d-------- C:\Program Files\PartyGaming
2008-06-19 23:06:49 0 d-------- C:\Documents and Settings\Don Walsh\Application Data\WeatherBug
2008-06-19 12:39:11 0 d-------- C:\Program Files\IrfanView
2008-06-19 12:36:21 0 d-------- C:\Program Files\xnews
2008-06-15 12:39:23 0 d-------- C:\Program Files\Trillian
2008-06-15 12:38:42 0 d-------- C:\Program Files\Full Tilt Poker
2008-06-13 22:55:47 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-08 07:15:55 0 d--h----- C:\Program Files\Zero G Registry
2008-06-05 15:48:47 0 d-------- C:\Documents and Settings\Don Walsh\Application Data\Canon
2008-06-03 13:06:21 0 d-------- C:\Documents and Settings\Don Walsh\Application Data\Adobe
2008-05-17 09:17:21 0 d-------- C:\Program Files\CHESSeCLOCK
2008-05-17 09:15:01 2269 --a------ C:\WINDOWS\system32\msdnf32.dll
2008-05-17 09:14:08 311296 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2008-05-17 09:14:07 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-04-06 09:06:54 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [02/13/2003 03:01 AM]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [08/26/2003 09:47 PM]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [05/08/2003 12:00 PM]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [10/06/2003 12:05 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/17/2008 12:42 PM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [12/26/2005 05:57 PM]
"Advanced Tools Check"="C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [01/10/2005 01:20 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/13/2008 11:11 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/19/2007 09:16 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"TClockEx"="C:\Program Files\TClockEx\TCLOCKEX.EXE" [03/09/2000 01:15 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [09/30/2005 04:27 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup




-- End of Deckard's System Scanner: finished at 2008-06-20 07:58:43 ------------


Thanks,

Don.

#10 Sp0nge

Sp0nge

  • Members
  • 643 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sydney, Australia
  • Local time:04:03 AM

Posted 21 June 2008 - 04:34 AM

Hi Don,
The following step (HostsXpert) should fix your problem with accessing such websites as Bleepingcomputer, if it does, please follow the Kaspersky step in my previous post and post the log.

We will also attempt to have ComboFix run in safe mode.

HostsXpert

Download HostsXpert.zip
  • Extract (unzip) HostsXpert.zip to a a permanent folder on your hard drive such as C:\HostsXpert
  • Double-click HostsXpert.exe to run the program.
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click "Restore Microsoft's Hosts file" and then click "OK".
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
ComboFix

Please download Combofix to your desktop.

Reboot into Safe Mode by continuously tapping the F8 key as soon as the computer begins to boot. A menu should come up where you will be given the option to enter Safe Mode.

Doubleclick combo.exe on your deskop to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it may reboot, and it should produce a log, combofix.txt.

Post this log in your next reply together with a new hijackthislog.

Remember to include the following in your next reply please:

  • The ComboFix Log
  • The Kaspersky Log (If you are able to)
  • Also tell me if you can access those websites after running HostsXpert.

Thanks

~Pat


#11 havoc110

havoc110
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 21 June 2008 - 08:31 AM

Pat,

nothing seems to have worked

i used hostsxpert as instructed.
the make writeable option gave me an error:
cannot create file c:\windows\system32\drivers\etc\hosts

the thing is it looks exactly like the file that shows up in the window
of hostsxpert, so I think hostsxpert ran the way it should,

but none of my website access problems were resolved.

as such, i still cannot run kaspersky

also, combofix does not run in safe mode either.

here's my current HJthis log:

Deckard's System Scanner v20071014.68
Run by Don Walsh on 2008-06-21 09:12:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Don Walsh.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:10 AM, on 6/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Don Walsh\Desktop\dss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\DONWAL~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O8 - Extra context menu item: Convert to Palm e-Book - C:\Program Files\CnPUG-WavePDB\WavePDB.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v44/scrab...rabblecubes.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data Transfer Control) - http://racing.youbet.com/wr_6_2/controls/ybrequest.cab
O16 - DPF: {6741FA2E-5E72-11D9-B8D3-A78832C1C537} (Generator7.IonSaliuGen7) - http://www.saliu.com/Generator7.CAB
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183147794796
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mail.leesallee.com/Remote/msrdp.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD LT 2002\AcDcToday.ocx
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldwinner.com/games/v45/wo...jo/wordmojo.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD LT 2002\InstBanr.ocx
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v44/royal/royal.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD LT 2002\InstFred.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {CF7BD15D-60A8-11D8-B8D1-B7651DB32741} (Calculator.IonOddsCalc) - http://www.saliu.com/Calculator.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/activex/v...acheManager.CAB
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 11224 bytes

-- Files created between 2008-05-21 and 2008-06-21 -----------------------------

2008-06-21 08:27:53 0 d-------- C:\hostsxpert
2008-06-17 06:56:19 444 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-17 06:50:40 0 d-------- C:\WINDOWS\ERUNT
2008-06-15 12:38:01 0 d-------- C:\WINDOWS\system32\netrax06
2008-06-15 12:38:00 0 d-------- C:\Temp
2008-06-15 12:37:25 0 d-------- C:\Program Files\uTorrent
2008-06-03 11:46:11 0 d-------- C:\WINDOWS\system32\Adobe
2008-05-29 22:28:24 0 d-------- C:\Program Files\NetSeal


-- Find3M Report ---------------------------------------------------------------

2008-06-21 09:10:17 0 d-------- C:\Program Files\Common Files
2008-06-20 07:46:26 0 d-------- C:\Program Files\PartyGaming
2008-06-19 23:06:49 0 d-------- C:\Documents and Settings\Don Walsh\Application Data\WeatherBug
2008-06-19 12:39:11 0 d-------- C:\Program Files\IrfanView
2008-06-19 12:36:21 0 d-------- C:\Program Files\xnews
2008-06-15 12:39:23 0 d-------- C:\Program Files\Trillian
2008-06-15 12:38:42 0 d-------- C:\Program Files\Full Tilt Poker
2008-06-13 22:55:47 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-08 07:15:55 0 d--h----- C:\Program Files\Zero G Registry
2008-06-05 15:48:47 0 d-------- C:\Documents and Settings\Don Walsh\Application Data\Canon
2008-06-03 13:06:21 0 d-------- C:\Documents and Settings\Don Walsh\Application Data\Adobe
2008-05-17 09:17:21 0 d-------- C:\Program Files\CHESSeCLOCK
2008-05-17 09:15:01 2269 --a------ C:\WINDOWS\system32\msdnf32.dll
2008-05-17 09:14:08 311296 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2008-05-17 09:14:07 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-04-06 09:06:54 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [02/13/2003 03:01 AM]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [08/26/2003 09:47 PM]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [05/08/2003 12:00 PM]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [10/06/2003 12:05 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/17/2008 12:42 PM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [12/26/2005 05:57 PM]
"Advanced Tools Check"="C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [01/10/2005 01:20 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/13/2008 11:11 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/19/2007 09:16 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"TClockEx"="C:\Program Files\TClockEx\TCLOCKEX.EXE" [03/09/2000 01:15 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [09/30/2005 04:27 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup




-- End of Deckard's System Scanner: finished at 2008-06-21 09:13:24 ------------


Help?
Thanks.

Don.

Edited by havoc110, 21 June 2008 - 08:32 AM.


#12 Sp0nge

Sp0nge

  • Members
  • 643 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sydney, Australia
  • Local time:04:03 AM

Posted 22 June 2008 - 02:47 AM

Hi Don,

We will try yet another way to run Combofix. Make sure your antivirus' are disabled for this next step. Remember to re-enable them afterwards.

ComboFix

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK: (assuming ComboFix.exe is on the desktop as was instructed)

"%userprofile%\desktop\combofix.exe"

Malwarebytes Anti-Malware

This is an alternative to Kaspersky.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Deckard's System Scanner

I would like to see some additional information from DSS.
  • Click Start and then Run to bring up the Run box.
  • Copy and paste the contents of this quote box into the run box:

    "%userprofile%\desktop\dss.exe" /config

  • Close all other open windows.
  • Click OK.
  • A window will now open. Click Check All and then click Scan!.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
Thanks

~Pat

#13 havoc110

havoc110
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 22 June 2008 - 12:52 PM

Pat,

ComboFix still not running. I've downloaded it from all 3 links, tried renaming it and changing the name back,
tried the start menu...Run method. Also tried running it at a dos command prompt. No effect.

Also the same with the MBAM program. Nothing happens when I click the execuatable. Well I get
a brief hit of the hard drive and the hard drive activity light flickers on, then nothing. Exactly the same as
when I run ComboFix.

Here is the DSS Main:
Deckard's System Scanner v20071014.68
Run by Don Walsh on 2008-06-22 13:42:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
9: 2008-06-22 17:42:18 UTC - RP348 - Deckard's System Scanner Restore Point
8: 2008-06-21 22:14:20 UTC - RP347 - System Checkpoint
7: 2008-06-20 21:52:40 UTC - RP346 - System Checkpoint
6: 2008-06-19 21:28:15 UTC - RP345 - System Checkpoint
5: 2008-06-18 20:29:22 UTC - RP344 - System Checkpoint


-- First Restore Point --
1: 2008-06-15 05:05:38 UTC - RP340 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as Don Walsh.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:42:22 PM, on 6/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Don Walsh\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\DONWAL~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O8 - Extra context menu item: Convert to Palm e-Book - C:\Program Files\CnPUG-WavePDB\WavePDB.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v44/scrab...rabblecubes.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data Transfer Control) - http://racing.youbet.com/wr_6_2/controls/ybrequest.cab
O16 - DPF: {6741FA2E-5E72-11D9-B8D3-A78832C1C537} (Generator7.IonSaliuGen7) - http://www.saliu.com/Generator7.CAB
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183147794796
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mail.leesallee.com/Remote/msrdp.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD LT 2002\AcDcToday.ocx
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldwinner.com/games/v45/wo...jo/wordmojo.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD LT 2002\InstBanr.ocx
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v44/royal/royal.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD LT 2002\InstFred.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {CF7BD15D-60A8-11D8-B8D1-B7651DB32741} (Calculator.IonOddsCalc) - http://www.saliu.com/Calculator.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/activex/v...acheManager.CAB
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 10873 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080620-074034-158 O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
backup-20080620-074034-367 O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
backup-20080620-074034-378 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
backup-20080620-074034-461 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
backup-20080620-074034-553 O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\Don Walsh\Application Data\Microsoft\dtsc\15200.exe
backup-20080620-074035-296 O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
backup-20080620-074035-474 O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
backup-20080620-074036-187 O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installd...leanerstart.cab
backup-20080620-074036-293 O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab

-- File Associations -----------------------------------------------------------

.scr - AutoCADLTScriptFile - shell\open\command - "C:\WINDOWS\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 agp440 (Intel AGP Bus Filter) - c:\windows\\systemroot\system32\drivers\agp440.sys (file missing)
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 cdenable - c:\windows\system32\drivers\cdenable.sys

S3 catchme - c:\docume~1\donwal~1\locals~1\temp\catchme.sys (file missing)
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\explorer.exe (pid 492)
2007-02-12 00:17:02 38912 --a------ C:\WINDOWS\SYSTEM32\AcSignIcon.dll <Not Verified; Autodesk, Inc.; AutoCAD>
2003-05-08 12:00:46 159744 --a------ C:\Program Files\ScanSoft\OmniPageSE2.0\OpHookSE2.dll <Not Verified; ScanSoft, Inc.; OmniPage SE>
2000-03-09 01:45:04 96256 --a------ C:\Program Files\TClockEx\TCLOCKEX.DLL <Not Verified; Dale Nurden; TClockEx>
2004-02-11 09:00:00 5120 --a------ C:\Program Files\WinZip\WZSHLSTB.DLL <Not Verified; WinZip Computing, Inc.; WinZip>
2004-04-26 16:27:24 86528 --a------ C:\Program Files\CnPUG-WavePDB\WavePDB.dll <Not Verified; ??; ????>
2005-03-23 20:24:20 40960 --a------ C:\Program Files\Allume Systems\StuffIt\CompressMenu.dll <Not Verified; Allume Systems, Inc.; StuffIt>
2005-03-23 20:21:38 94208 --a------ C:\Program Files\Allume Systems\StuffIt\Allume.dll <Not Verified; Allume Systems, Inc; Allume Common Library>
2005-03-19 13:59:58 43520 --a------ C:\WINDOWS\SYSTEM32\CmdLineExt03.dll


-- Scheduled Tasks -------------------------------------------------------------

2008-06-20 07:36:45 538 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Don Walsh.job
2008-06-18 14:26:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-22 and 2008-06-22 -----------------------------

2008-06-21 08:27:53 0 d-------- C:\hostsxpert
2008-06-17 06:56:19 444 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-17 06:50:40 0 d-------- C:\WINDOWS\ERUNT
2008-06-15 12:38:01 0 d-------- C:\WINDOWS\system32\netrax06
2008-06-15 12:38:00 0 d-------- C:\Temp
2008-06-15 12:37:25 0 d-------- C:\Program Files\uTorrent
2008-06-03 11:46:11 0 d-------- C:\WINDOWS\system32\Adobe
2008-05-29 22:28:24 0 d-------- C:\Program Files\NetSeal


-- Find3M Report ---------------------------------------------------------------

2008-06-21 09:10:17 0 d-------- C:\Program Files\Common Files
2008-06-20 07:46:26 0 d-------- C:\Program Files\PartyGaming
2008-06-19 12:39:11 0 d-------- C:\Program Files\IrfanView
2008-06-19 12:36:21 0 d-------- C:\Program Files\xnews
2008-06-15 12:39:23 0 d-------- C:\Program Files\Trillian
2008-06-15 12:38:42 0 d-------- C:\Program Files\Full Tilt Poker
2008-06-13 22:55:47 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-08 07:15:55 0 d--h----- C:\Program Files\Zero G Registry
2008-06-05 15:48:47 0 d-------- C:\Documents and Settings\Don Walsh\Application Data\Canon
2008-06-03 13:06:21 0 d-------- C:\Documents and Settings\Don Walsh\Application Data\Adobe
2008-05-17 09:17:21 0 d-------- C:\Program Files\CHESSeCLOCK
2008-05-17 09:15:01 2269 --a------ C:\WINDOWS\system32\msdnf32.dll
2008-05-17 09:14:08 311296 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2008-05-17 09:14:07 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-04-06 09:06:54 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [02/13/2003 03:01 AM]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [08/26/2003 09:47 PM]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [05/08/2003 12:00 PM]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [10/06/2003 12:05 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/17/2008 12:42 PM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [12/26/2005 05:57 PM]
"Advanced Tools Check"="C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [01/10/2005 01:20 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/13/2008 11:11 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/19/2007 09:16 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"TClockEx"="C:\Program Files\TClockEx\TCLOCKEX.EXE" [03/09/2000 01:15 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup




-- End of Deckard's System Scanner: finished at 2008-06-22 13:44:54 ------------

Here is the DSS extra:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 30%
Physical Memory (total/avail): 1533.98 MiB / 1061.88 MiB
Pagefile Memory (total/avail): 2155.56 MiB / 1818.71 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.09 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.21 GiB total, 15.35 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST340014A - 37.25 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 37.21 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton Internet Worm Protection v2005 (Symantec)
FW: ZoneAlarm Firewall v7.0.470.000 (Check Point, LTD.)
AV: Norton AntiVirus 2005 v2005 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Don Walsh\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DONS-DELL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Don Walsh
LOGONSERVER=\\DONS-DELL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\DONWAL~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\DONWAL~1\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=DONS-DELL
USERNAME=Don Walsh
USERPROFILE=C:\Documents and Settings\Don Walsh
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Don Walsh (admin)
Stephanie Walsh (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABC Amber LIT Converter --> C:\PROGRA~1\ABCAMB~1\UNWISE.EXE C:\PROGRA~1\ABCAMB~1\INSTALL.LOG
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware 2007 --> MsiExec.exe /X{E31C348B-63A9-4CBF-8D7F-D932ABB63244}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 5.5 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 5.5\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 5.5\Uninst.dll"
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\Install.log
AlgoLab R2V Conversion Toolkit 2.92 --> C:\PROGRA~1\ALGOLA~1\UNWISE.EXE C:\PROGRA~1\ALGOLA~1\INSTALL.LOG
AnswerWorks Runtime --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WexTech\AnswerWorks\Uninst.isu"
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AutoCAD 2006 - English --> MsiExec.exe /I{5783F2D7-4001-0409-0002-0060B0CE6BBA}
AutoCAD LT 2002 --> MsiExec.exe /I{5783F2D7-0109-0409-0000-0060B0CE6BBA}
AutoCAD LT 2005 - English --> MsiExec.exe /I{5783F2D7-0309-0409-0002-0060B0CE6BBA}
Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
AvantGo Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A90DCEC1-22DE-11D4-B8A9-0050DAB648C6}\setup.exe" -l0x9 CP
Canon MP Drivers 6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FF3DD04-F386-46B0-97FC-B86238B65487}\Setup.exe" -l0x9 -Uninstall
Canon MP Navigator 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109AB81D-9732-40B3-9C1F-113A86CE6F93}\setup.exe" /SUUninstall
Canon ScanGear Starter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\setup.exe" -l0x9 anything
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe C:\Program Files\Canon\Easy-PhotoPrint\uninst.ini
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
Colossus --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://colossus.sf.net/Colossus.jnlp"
Conexant SmartHSFi V.9x 56K DF PCI Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2702\HXFSETUP.EXE -U -IDel8d8xk.INF
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Documents To Go --> MsiExec.exe /X{50EE3E64-FE60-4803-BCDC-A8CD6830D185}
DuctLite --> C:\WINDOWS\uninst.exe -f"C:\Program Files\DuctLite\DeIsL1.isu" -c"C:\Program Files\DuctLite\_ISREG32.DLL"
DVDSentry --> MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
DWG TrueConvert™ --> MsiExec.exe /X{5783F2D7-0221-0409-0000-0060B0CE6BBA}
DWG TrueView 2008 --> C:\Program Files\DWG TrueView 2008\Setup\Setup.exe /P {B1A9CD45-A702-4E3B-91ED-8CD562869901} /M AOEM
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Executor-Win32 Demo --> C:\WINDOWS\IsUninst.exe -fc:\ExecDemo32\Uninst.isu
Fade Team Acedior for PalmOS --> C:\WINDOWS\ctpu.exe -uC:\Program Files\Fade Team\Acedior\install.log -lC:\WINDOWS\ResENU.dll
FontSmoother 1.69 --> "C:\Program Files\FontSmoother\unins000.exe"
Full Tilt Poker --> "C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
GenoPro --> C:\Program Files\GenoPro\Uninstall.exe
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hill 218 --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://www.honte.org/Hill_218/Hill_218.jnlp"
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSa22.inf, Uninstall
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MONOPOLY HERE & NOW EDITION --> "C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\MONOPOLY HERE & NOW EDITION.rguninst"
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MUSICMATCH® Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~2\unmatch.exe
Netflix Movie Viewer --> MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
NetSeal --> MsiExec.exe /I{672DD10E-8E30-432E-95EC-A0595DA94CA5}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Neuview Standard and Professional 6.07 --> "C:\Program Files\QO Developments\Neuview Media Player\unins000.exe"
Norton AntiVirus 2005 --> MsiExec.exe /X{C6B28661-7910-442E-ADDD-72EAA8395380}
Norton AntiVirus 2005 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6B28661-7910-442E-ADDD-72EAA8395380}.exe /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
OmniPage SE 2.0 --> MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
Palm --> MsiExec.exe /X{ADAED43C-BBD9-42C5-8B21-F4FBFA81E3C3}
Panda TotalScan --> C:\WINDOWS\system32\Panda Software\ActiveScan2\ascuninst.exe
Pdf995 --> C:\Program Files\pdf995\setup.exe uninstall
PdfEdit995 --> C:\Program Files\pdf995\res\utilities\thinsetup.exe - uninstall
Poker Journal v1.5 --> C:\WINDOWS\system32\pInstaller.exe /u "C:\WINDOWS\system32\Poker Journal v1.5.un0"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Presto! PageManager 6.03 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BE42A03-E7B8-42A9-B1BB-FC48B03D58B8}\Setup.exe" -l0x9 anything
QuickSize --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CB2C26A-3A5E-4D0A-A769-E0FC535711DC}\setup.exe"
QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
RealArcade --> "C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\RealArcade.rguninst"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Signature995 --> C:\Program Files\pdf995\res\utilities\Signature995\thinsetup.exe - uninstall
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StuffIt Standard --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{40ABF1E0-8B6F-4D32-B343-E19FA2F04B3C}
Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
TClockEx --> "C:\Program Files\TClockEx\unins000.exe"
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtools 3D Life Player --> C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
Volo View Express --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Volo View Express\DeIsL1.isu"
WavePDB 1.5.3 --> "C:\Program Files\CnPUG-WavePDB\unins000.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WM Recorder 11.3 --> C:\Program Files\WMR11\Uninstal.exe
WordPerfect Office 11 --> MsiExec.exe /I{54F90B55-BEB3-4F0D-8802-228822FA5921}
Yahoo! Address AutoComplete --> C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\yaddbook.dll
Yahoo! Install Manager --> C:\WINDOWS\System32\regsvr32 /u C:\WINDOWS\DOWNLO~1\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type10358 / Error
Event Submitted/Written: 06/03/2008 01:31:34 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module pngfilt.dll, version 6.0.2900.3314, fault address 0x000049ce.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type10312 / Error
Event Submitted/Written: 06/01/2008 07:19:21 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type10311 / Error
Event Submitted/Written: 06/01/2008 07:19:21 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type10268 / Error
Event Submitted/Written: 05/30/2008 02:37:38 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type10229 / Error
Event Submitted/Written: 05/28/2008 05:15:22 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application acad.exe, version 22.2.54.10, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type33000 / Warning
Event Submitted/Written: 06/21/2008 10:50:02 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type32967 / Error
Event Submitted/Written: 06/21/2008 09:09:11 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type32966 / Error
Event Submitted/Written: 06/21/2008 09:06:11 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
Fips
intelppm
IPSec
KLIF
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
SAVRTPEL
SYMTDI
Tcpip
vsdatant

Event Record #/Type32965 / Error
Event Submitted/Written: 06/21/2008 09:06:11 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Event Record #/Type32964 / Error
Event Submitted/Written: 06/21/2008 09:06:11 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2008-06-22 13:44:54 ------------


Thanks,

Don.

#14 Sp0nge

Sp0nge

  • Members
  • 643 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sydney, Australia
  • Local time:04:03 AM

Posted 24 June 2008 - 03:54 PM

Hi Don,

I can't see anything wrong with your log, except for a final bad folder which we can remove easily. Once the log is clean we can move on to try to fix those other problems.

Reboot into Safe Mode by continuously tapping the F8 key as soon as the computer begins to boot. A menu should come up where you will be given the option to enter Safe Mode.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files/folders (if present):

C:\WINDOWS\system32\netrax06 <<<-this whole folder

When you are finished, please reboot the computer normally, and post a new HijackThis log here in a reply. Also, please let me know of any problems you may have encountered.

Thanks

#15 havoc110

havoc110
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 24 June 2008 - 06:30 PM

Hey Pat,

I'm glad for the re-assurance. I have been EXTREMELY worried about the fact
that we have had a string of failures in your suggestions: ComboFix, Kaspersky, and Malwarebytes.

I was beginning to despair.

However, I deleted the netrax06 folder and here is my log:

Deckard's System Scanner v20071014.68
Run by Don Walsh on 2008-06-24 19:08:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Don Walsh.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:08:45 PM, on 6/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Don Walsh\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\DONWAL~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O8 - Extra context menu item: Convert to Palm e-Book - C:\Program Files\CnPUG-WavePDB\WavePDB.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v44/scrab...rabblecubes.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data Transfer Control) - http://racing.youbet.com/wr_6_2/controls/ybrequest.cab
O16 - DPF: {6741FA2E-5E72-11D9-B8D3-A78832C1C537} (Generator7.IonSaliuGen7) - http://www.saliu.com/Generator7.CAB
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183147794796
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mail.leesallee.com/Remote/msrdp.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD LT 2002\AcDcToday.ocx
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldwinner.com/games/v45/wo...jo/wordmojo.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD LT 2002\InstBanr.ocx
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v44/royal/royal.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD LT 2002\InstFred.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {CF7BD15D-60A8-11D8-B8D1-B7651DB32741} (Calculator.IonOddsCalc) - http://www.saliu.com/Calculator.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/activex/v...acheManager.CAB
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 10953 bytes

-- Files created between 2008-05-24 and 2008-06-24 -----------------------------

2008-06-21 08:27:53 0 d-------- C:\hostsxpert
2008-06-17 06:56:19 444 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-17 06:50:40 0 d-------- C:\WINDOWS\ERUNT
2008-06-15 12:38:00 0 d-------- C:\Temp
2008-06-15 12:37:25 0 d-------- C:\Program Files\uTorrent
2008-06-03 11:46:11 0 d-------- C:\WINDOWS\system32\Adobe
2008-05-29 22:28:24 0 d-------- C:\Program Files\NetSeal


-- Find3M Report ---------------------------------------------------------------

2008-06-24 19:07:07 0 d-------- C:\Program Files\Common Files
2008-06-20 07:46:26 0 d-------- C:\Program Files\PartyGaming
2008-06-19 12:39:11 0 d-------- C:\Program Files\IrfanView
2008-06-19 12:36:21 0 d-------- C:\Program Files\xnews
2008-06-15 12:39:23 0 d-------- C:\Program Files\Trillian
2008-06-15 12:38:42 0 d-------- C:\Program Files\Full Tilt Poker
2008-06-13 22:55:47 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-08 07:15:55 0 d--h----- C:\Program Files\Zero G Registry
2008-06-05 15:48:47 0 d-------- C:\Documents and Settings\Don Walsh\Application Data\Canon
2008-06-03 13:06:21 0 d-------- C:\Documents and Settings\Don Walsh\Application Data\Adobe
2008-05-17 09:17:21 0 d-------- C:\Program Files\CHESSeCLOCK
2008-05-17 09:15:01 2269 --a------ C:\WINDOWS\system32\msdnf32.dll
2008-05-17 09:14:08 311296 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2008-05-17 09:14:07 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-04-06 09:06:54 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [02/13/2003 03:01 AM]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [08/26/2003 09:47 PM]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [05/08/2003 12:00 PM]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [10/06/2003 12:05 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/17/2008 12:42 PM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [12/26/2005 05:57 PM]
"Advanced Tools Check"="C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [01/10/2005 01:20 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/13/2008 11:11 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/19/2007 09:16 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"TClockEx"="C:\Program Files\TClockEx\TCLOCKEX.EXE" [03/09/2000 01:15 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup




-- End of Deckard's System Scanner: finished at 2008-06-24 19:09:59 ------------


Hopefully we can get the other things straightened out.
By the way, why do you think we've had the problems I listed at the top?


Thanks again,

Don.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users