
Infected With A Trojan: Sillydi Djm


  • This topic is locked
25 replies to this topic

#1 Dewg


Posted 22 June 2008 - 07:50 PM

Here is my Hijack this log:

Deckard's System Scanner v20071014.68
Run by Steve Dugas on 2008-06-22 10:34:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; System Restore is disabled (service is not running).


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Steve Dugas.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:47, on 22/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesBellSecurity Managerfws.exe
C:WINDOWSSYSTEM32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
c:program filescommon fileslogitechlvmvfmLVPrcSrv.exe
C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe
C:Program FilesCommon FilesCommand Softwaredvpapi.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesHewlett-PackardSharedhpqwmiex.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSSYSTEM32notepad.exe
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesHPQuickPlayQPService.exe
C:Program FilesHPQQuick Launch ButtonsEabServr.exe
C:WINDOWSsystem32LVCOMSX.EXE
C:WINDOWSsystem32ElkCtrl.exe
C:WINDOWSSystem32spoolDRIVERSW32X863E_FATI9HA.EXE
C:Program FilesJavajre1.6.0_05binjusched.exe
C:Program FilesBellSympatico Security AdvisorSSA.exe
C:Program FileshpqHP Wireless AssistantHP Wireless Assistant.exe
C:Program FilesLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesLogitechSetPointSetPoint.exe
C:Program FilesSound StationSNXUACP.exe
C:Program FilesCommon FilesLogitechkhalsharedKHALMNPR.EXE
C:PROGRA~1hpqSharedHPQTOA~1.EXE
C:WINDOWSSystem32svchost.exe
C:Program FilesWindows NTAccessorieswordpad.exe
C:Documents and SettingsSteve DugasDesktopdss.exe
C:PROGRA~1TRENDM~1HIJACK~1Steve Dugas.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 - BHO: (no name) - {195BDA76-692F-41FA-9FFD-1EDC42FA25F0} - C:WINDOWSsystem32commdl.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:Program FilesBellSecurity ManagerpkR.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:Program FilesBellSecurity ManagerFBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_05binssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier3.0.1225.9868swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar3.dll
O4 - HKLM..Run: [ATIPTA] "C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe"
O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [QPService] "C:Program FilesHPQuickPlayQPService.exe"
O4 - HKLM..Run: [eabconfg.cpl] C:Program FilesHPQQuick Launch ButtonsEabServr.exe /Start
O4 - HKLM..Run: [Cpqset] C:Program FilesHPQDefault Settingscpqset.exe
O4 - HKLM..Run: [LVCOMSX] C:WINDOWSsystem32LVCOMSX.EXE
O4 - HKLM..Run: [LogitechCameraService(E)] C:WINDOWSsystem32ElkCtrl.exe /automation
O4 - HKLM..Run: [KONGEPSON Stylus Photo RX620 Series] C:WINDOWSSystem32spoolDRIVERSW32X863E_FATI9HA.EXE /P38 "KONGEPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
O4 - HKLM..Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_05binjusched.exe"
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [SSA.exe] "C:Program FilesBellSympatico Security AdvisorSSA.exe"
O4 - HKLM..Run: [Security Manager] "C:Program FilesBellSecurity ManagerRps.exe"
O4 - HKLM..Run: [hpWirelessAssistant] C:Program FileshpqHP Wireless AssistantHP Wireless Assistant.exe
O4 - HKCU..Run: [LDM] C:Program FilesLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe
O4 - HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [ContactKeeper Birthday reminder] "C:Program FilesContactKeeperContactKeeper.exe" /Reminder
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:Program FilesLogitechSetPointSetPoint.exe
O4 - Global Startup: Sound Station.lnk = C:Program FilesSound StationSNXUACP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binnpjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binnpjpi160_05.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:Program FilesPokerStarsPokerStarsUpdate.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:Documents and SettingsSteve DugasStart MenuProgramsIMVURun IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O10 - Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll
O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Sally's%20Salon/Images/stg_drm.ocx
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.67.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://sympatico.zone.msn.com/bingame/dsh2...h2.1.0.0.68.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab55579.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab58570.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/...gr.cab31267.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://sympatico.zone.msn.com/bingame/fotg...tg.1.0.0.37.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Sally's%20Salon/Images/armhelper.ocx
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:Program FilesLogitechDesktop Messenger8876480ProgramGAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:Program FilesSUPERAntiSpywareSASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:Program FilesCommon FilesCommand Softwaredvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:Program FilesHewlett-PackardSharedhpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:Program FilesCommon FilesLogitechBluetoothLBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:program filescommon fileslogitechlvmvfmLVPrcSrv.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:Program FilesCommon FilesPanda SoftwarePavShldpavprsrv.exe (file missing)
O23 - Service: Security Manager Firewall (RP_FWS) - Radialpoint Inc. - C:Program FilesBellSecurity Managerfws.exe
O23 - Service: ServiceLayer - Nokia. - C:Program FilesCommon FilesPCSuiteServicesServiceLayer.exe

--
End of file - 12159 bytes

-- HijackThis Fixed Entries (C:PROGRA~1TRENDM~1HIJACK~1backups) -----------

backup-20080316-225628-144 O4 - HKLM..Run: [PCSuiteTrayApplication] C:PROGRA~1NokiaNOKIAP~1LAUNCH~1.EXE -startup
backup-20080316-225628-227 O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll
backup-20080316-225628-285 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~4OFFICE11EXCEL.EXE/3000
backup-20080316-225628-455 O4 - HKLM..Run: [Option Bib Logo Log] C:Documents and SettingsAll UsersApplication DataLICENSE ADMIN OPTION BIBcool pop.exe
backup-20080316-225628-484 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~4OFFICE11REFIEBAR.DLL
backup-20080316-225628-487 O8 - Extra context menu item: &Windows Live Search - res://C:Program FilesWindows Live Toolbarmsntb.dll/search.htm
backup-20080316-225628-665 O4 - HKCU..Run: [Film file] C:DOCUME~1STEVED~1APPLIC~1BURNSA~1junk plan.exe
backup-20080316-225628-850 O4 - HKCU..Run: [PcSync] C:Program FilesNokiaNokia PC Suite 6PcSync2.exe /NoDialog

-- File Associations -----------------------------------------------------------

.scr - scrfile - shellopencommand - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 satzxaun - c:windowssystem32driversdwlrvjfl.dat
R2 ElbyCDIO (ElbyCDIO Driver) - c:windowssystem32driverselbycdio.sys
R3 AnyDVD - c:windowssystem32driversanydvd.sys
R3 catchme - c:docume~1steved~1locals~1tempcatchme.sys (file missing)
R3 ElbyDelay - c:windowssystem32driverselbydelay.sys
R3 LVPrcMon (Logitech LVPrcMon Driver) - c:windowssystem32driverslvprcmon.sys

S1 ShldDrv (Panda File Shield Driver) - c:windowssystem32driversshldrv51.sys (file missing)
S2 PavProc (Panda Process Protection Driver) - c:windowssystem32driverspavproc.sys (file missing)
S2 X4HSX32 - c:program filesmania jeuxx4hsx32.sys (file missing)
S3 SASENUM - c:program filessuperantispywaresasenum.sys
S3 uafilter - c:windowssystem32driversuafilter.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 RP_FWS (Security Manager Firewall) - c:program filesbellsecurity managerfws.exe

S2 PavPrSrv (Panda Process Protection Service) - "c:program filescommon filespanda softwarepavshldpavprsrv.exe" (file missing)
S3 ServiceLayer - "c:program filescommon filespcsuiteservicesservicelayer.exe"


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-22 04:00:00 278 --ah----- C:WINDOWSTasksB01B51429188C93A.job


-- Files created between 2008-05-22 and 2008-06-22 -----------------------------

2008-06-21 21:58:13 0 dr-h----- C:Documents and SettingsSteve DugasRecent
2008-06-21 20:14:25 0 d-------- C:WINDOWSERUNT
2008-06-13 02:25:30 2538 --a------ C:WINDOWSsystem32tmp.reg
2008-06-11 19:47:57 0 d-------- C:Documents and SettingsSteve DugasApplication DataBSplayer
2008-06-11 19:47:57 0 d-------- C:Documents and SettingsSteve DugasApplication DataBSplayer Pro
2008-06-11 19:47:49 0 d-------- C:Program FilesWebteh
2008-06-02 15:47:47 0 d-------- C:Documents and SettingsSteve DugasApplication DataFrostWire


-- Find3M Report ---------------------------------------------------------------

2008-06-21 22:48:13 0 d-------- C:Documents and SettingsSteve DugasApplication DataSkype
2008-06-21 19:42:06 0 d-------- C:Program FilesCommon FilesPestPatrol
2008-06-18 12:04:26 0 d-------- C:Program FilesMSN Games
2008-06-15 21:54:29 0 d-------- C:Program FilesPokerStars
2008-06-13 11:27:35 0 d-------- C:Program FilesSUPERAntiSpyware
2008-06-13 10:28:19 0 d-------- C:Program FilesCommon FilesCommand Software
2008-06-13 02:43:50 0 d-------- C:Program FilesMalwarebytes' Anti-Malware
2008-06-11 21:34:25 0 d--h----- C:Program FilesInstallShield Installation Information
2008-06-11 20:32:29 0 d-------- C:Program FilesCommon Files
2008-06-11 20:04:51 0 d-------- C:Program FilesCommon FilesWise Installation Wizard
2008-06-09 19:19:03 0 d-------- C:Documents and SettingsSteve DugasApplication DataLimeWire
2008-05-18 19:21:51 0 d-------- C:Documents and SettingsSteve DugasApplication DataMalwarebytes
2008-05-11 16:16:54 0 d-------- C:Program FilesWindows Live Toolbar
2008-05-09 15:54:16 0 d-------- C:Documents and SettingsSteve DugasApplication DataAny Video Converter Professional
2008-05-09 15:33:52 0 d-------- C:Program FilesAny Video Converter Professional
2008-05-09 15:18:21 0 d-------- C:Program FilesCommon FilesDownload Manager
2008-04-28 17:02:58 0 d-------- C:Program FilesMessenger Plus! Live
2008-04-28 17:02:55 0 d-------- C:Program FilesWindows Live
2008-04-28 17:02:55 0 d-------- C:Program FilesMSN Messenger
2008-04-24 21:14:35 0 d-------- C:Program FilesQuickTime
2008-04-24 12:46:51 0 d-------- C:Documents and SettingsSteve DugasApplication DataOpenOffice.org2
2008-04-10 19:57:24 5492 --a------ C:WINDOWSGPlrLanc.dat
2008-04-04 18:58:47 98048 --a------ C:WINDOWSsystem32commdl.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE~Browser Helper Objects{195BDA76-692F-41FA-9FFD-1EDC42FA25F0}]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"ATIPTA"="C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe" [11/11/2005 01:05]
"SynTPEnh"="C:Program FilesSynapticsSynTPSynTPEnh.exe" [19/06/2005 16:50]
"QPService"="C:Program FilesHPQuickPlayQPService.exe" [12/12/2005 15:39]
"eabconfg.cpl"="C:Program FilesHPQQuick Launch ButtonsEabServr.exe" [07/12/2005 14:56]
"Cpqset"="C:Program FilesHPQDefault Settingscpqset.exe" [01/08/2005 18:26]
"LVCOMSX"="C:WINDOWSsystem32LVCOMSX.EXE" [01/09/2005 16:04]
"LogitechCameraService(E)"="C:WINDOWSsystem32ElkCtrl.exe" [01/11/2004 21:22]
"KONGEPSON Stylus Photo RX620 Series"="C:WINDOWSSystem32spoolDRIVERSW32X863E_FATI9HA.exe" [19/05/2004 17:00]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [21/09/2007 03:10 C:WINDOWSKHALMNPR.Exe]
"SunJavaUpdateSched"="C:Program FilesJavajre1.6.0_05binjusched.exe" [22/02/2008 04:25]
"QuickTime Task"="C:Program FilesQuickTimeQTTask.exe" [28/03/2008 23:37]
"SSA.exe"="C:Program FilesBellSympatico Security AdvisorSSA.exe" [15/05/2006 14:41]
"Security Manager"="C:Program FilesBellSecurity ManagerRps.exe" [20/06/2006 18:30]
"hpWirelessAssistant"="C:Program FileshpqHP Wireless AssistantHP Wireless Assistant.exe" [13/12/2005 19:45]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"LDM"="C:Program FilesLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe" [12/01/2008 19:54]
"Skype"="C:Program FilesSkypePhoneSkype.exe" [14/08/2006 21:39]
"ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [04/08/2004 04:00]
"ContactKeeper Birthday reminder"="C:Program FilesContactKeeperContactKeeper.exe" [13/08/2007 21:33]

C:Documents and SettingsAll UsersStart MenuProgramsStartup
Adobe Gamma Loader.lnk - C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [20/01/2007 1:37:41 PM]
Logitech SetPoint.lnk - C:Program FilesLogitechSetPointSetPoint.exe [12/01/2008 7:52:39 PM]
Sound Station.lnk - C:Program FilesSound StationSNXUACP.exe [29/08/2006 11:27:20 AM]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:Program FilesSUPERAntiSpywareSASSEH.DLL [13/06/2008 11:27 77824]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify!SASWinLogon]
C:Program FilesSUPERAntiSpywareSASWINLO.dll 19/04/2007 17:41 294912 C:Program FilesSUPERAntiSpywareSASWINLO.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyLBTWlgn]
c:program filescommon fileslogitechbluetoothLBTWlgn.dll 15/11/2007 10:10 72208 c:Program FilesCommon FilesLogitechBluetoothLBTWLgn.dll

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartupHP Photosmart Premier Fast Start.lnk
backup=C:WINDOWSpssHP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartupLogitech Desktop Messenger.lnk
backup=C:WINDOWSpssLogitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^Steve Dugas^Start Menu^Programs^Startup^IMVU.lnk]
path=C:Documents and SettingsSteve DugasStart MenuProgramsStartupIMVU.lnk
backup=C:WINDOWSpssIMVU.lnkStartup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHP Software Update]
C:Program FilesHpHP Software UpdateHPWuSchd2.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]
"C:Program FilesiTunesiTunesHelper.exe"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLogitechCameraAssistant]
C:Program FilesLogitechVideoCameraAssistant.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLogitechSoftwareUpdate]
"C:Program FilesLogitechVideoManifestEngine.exe" boot

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLogitechVideo[inspector]]
C:Program FilesLogitechVideoInstallHelper.exe /inspect

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRecGuard]
C:WindowsSMINSTRecGuard.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSUPERAntiSpyware]
C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregswg]
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe




-- End of Deckard's System Scanner: finished at 2008-06-22 10:39:03 ------------



extras from Deckard's Scanner:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Turion™ 64 Mobile Technology ML-32
Percentage of Memory in Use: 54%
Physical Memory (total/avail): 510.17 MiB / 232.17 MiB
Pagefile Memory (total/avail): 1246.77 MiB / 928.48 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1922.19 MiB

C: is Fixed (NTFS) - 65.96 GiB total, 41.28 GiB free.
D: is Fixed (FAT32) - 7.54 GiB total, 0.41 GiB free.
E: is CDROM (UDF)
F: is Fixed (NTFS) - 1 GiB total, 1 GiB free.

.PHYSICALDRIVE0 - ST98823A - 74.53 GiB - 3 partitions
PARTITION0 (bootable) - Installable File System - 65.96 GiB - C:
PARTITION1 - Unknown - 7.55 GiB - D:
PARTITION2 - Installable File System - 1027.6 MiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: Security Manager Firewall v5.5.1 (Bell Sympatico (b1xxxxxx)) Disabled
FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
AV: Security Manager Anti-Virus v5.5.1 (Bell Sympatico (b1xxxxxx)) Disabled Outdated

[HKLMSystemCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]
"C:Program FilesLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe"="C:Program FilesLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKLMSystemCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]
"C:Program FilesMSN Messengermsnmsgr.exe"="C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:Messenger"
"C:WINDOWSsystem32spooldriversw32x863SAGENT4.EXE"="C:WINDOWSsystem32spooldriversw32x863SAGENT4.EXE:*:Enabled:SAgent4"
"C:Program FilesTimeTrexapache2binApache.exe"="C:Program FilesTimeTrexapache2binApache.exe:*:Enabled:Apache HTTP Server"
"C:Program FilesLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe"="C:Program FilesLogitechDesktop Messenger8876480ProgramLogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:Program FilesLimeWireLimeWire.exe"="C:Program FilesLimeWireLimeWire.exe:*:Enabled:LimeWire"
"C:Program FilesSkypePhoneSkype.exe"="C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:Documents and SettingsAll Users
APPDATA=C:Documents and SettingsSteve DugasApplication Data
CLASSPATH=.;C:Program FilesJavajre1.6.0_05libextQTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:Program FilesCommon Files
COMPUTERNAME=HP
ComSpec=C:WINDOWSsystem32cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=Documents and SettingsSteve Dugas
LOGONSERVER=HP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:WINDOWSSYSTEM32;C:WINDOWS;C:WINDOWSSYSTEM32WBEM;C:PROGRAM FILESATI TECHNOLOGIESATI CONTROL PANEL;C:PROGRAM FILESQUICKTIMEQTSYSTEM;C:Program FilesQuickTimeQTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PCTYPE=PAVILION
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2402
ProgramFiles=C:Program Files
PROMPT=$P$G
QTJAVA=C:Program FilesJavajre1.6.0_05libextQTJava.zip
SESSIONNAME=Console
SonicCentral=C:Program FilesCommon FilesSonic SharedSonic Central
SystemDrive=C:
SystemRoot=C:WINDOWS
TEMP=C:DOCUME~1STEVED~1LOCALS~1Temp
TMP=C:DOCUME~1STEVED~1LOCALS~1Temp
USERDOMAIN=HP
USERNAME=Steve Dugas
USERPROFILE=C:Documents and SettingsSteve Dugas
windir=C:WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Steve Dugas (admin)
timetrex_postgres
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:Program FilesDivXConverterUninstall.exe /CONVERTER
--> C:WINDOWSIsUninst.exe -fC:WINDOWSorun32.isu
--> C:WINDOWSsystem32MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:WINDOWSsystem32MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:WINDOWSsystem32MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
Adobe Acrobat 5.0 --> C:WINDOWSISUNINST.EXE -f"C:Program FilesCommon FilesAdobeAcrobat 5.0NTUninst.isu" -c"C:Program FilesCommon FilesAdobeAcrobat 5.0NTUninst.dll"
Adobe Flash Player 9 ActiveX --> C:WINDOWSsystem32MacromedFlashFlashUtil9b.exe -uninstallDelete
Adobe Photoshop 7.0 --> C:WINDOWSISUNINST.EXE -f"C:Program FilesAdobePhotoshop 7.0Uninst.isu" -c"C:Program FilesAdobePhotoshop 7.0Uninst.dll"
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player --> C:WINDOWSsystem32MacromedSHOCKW~1UNWISE.EXE C:WINDOWSsystem32MacromedSHOCKW~1Install.log
Any Video Converter Professional 2.5.9 --> "C:Program FilesAny Video Converter Professionalunins000.exe"
AnyDVD --> "C:Program FilesSlySoftAnyDVDAnyDVD-uninst.exe" /D="C:Program FilesSlySoftAnyDVD"
ArcSoft PhotoStudio 5.5 --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{4A81B632-07AB-4CAC-BB04-DF20DFFBFFA0}setup.exe" -l0x9
Athlon 64 Processor Driver --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime0901Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{C151CE54-E7EA-4804-854B-F515368B0798}setup.exe" -l0x9
ATI Control Panel --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{0BEDBD4E-2D34-47B5-9973-57E62B29307C}setup.exe"
ATI Display Driver --> rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Anti-Spyware 7.5 --> C:Program FilesGrisoftAVG Anti-Spyware 7.5Uninstall.exe
Canon Camera Support Core Library --> C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{5662C158-CA24-4228-BF6C-596FADA08682} /l1033
Canon Camera Window DS for ZoomBrowser EX --> C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{7B847C9D-6758-45E6-B598-3BD8F43EAE9E}
Canon Camera Window DVC for ZoomBrowser EX --> C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{A70D14C6-FF2C-4B8E-A643-7E74EC607614}
Canon Camera Window for ZoomBrowser EX --> C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{E73534D5-CC93-4C63-9072-5A9734255C74}
Canon EOS Kiss_N REBEL_XT 350D WIA Driver --> C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}
Canon PhotoRecord --> MsiExec.exe /X{862983D7-FA08-493E-A9ED-6B7859E069D3}
Canon RAW Image Task for ZoomBrowser EX --> C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{A0F34E4E-25F0-4B68-AE8F-EF0C15CB1FED}
Canon RemoteCapture Task for ZoomBrowser EX --> C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{28291BD5-92D2-4685-82DC-CCA925C53CCA}
Canon Utilities Digital Photo Professional 1.6.1 --> C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{789CF5F1-3326-4B7B-9D01-31047E0F5651}
Canon Utilities EOS Capture 1.3 --> C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{16480125-0428-4097-9A2A-74464004D169}
Canon Utilities PhotoStitch 3.1 --> C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA}
Canon ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CDDRV_Installer --> MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
CloneDVD2 --> "C:Program FilesElaborate BytesCloneDVD2CloneDVD2-uninst.exe" /D="C:Program FilesElaborate BytesCloneDVD2"
Conexant AC-Link Audio --> C:Program FilesCONEXANTCNXT_AUDIOHXFSETUP.EXE -U -ICPL309BA.INF
ContactKeeper 1.3.4 --> "C:Program FilesContactKeeperunins000.exe"
CorelDRAW SA 11 --> C:PROGRA~1COMMON~1INSTAL~1Driver7INTEL3~1IDriver.exe /M{D901F63D-6342-45A9-90FD-D093772A51ED}
DivX Codec --> C:Program FilesDivXDivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:Program FilesDivXDivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:Program FilesDivXConverterUninstall.exe /CONVERTER
DivX Player --> C:Program FilesDivXDivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:Program FilesDivXDivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only) --> "C:Program FilesDVD Decrypteruninstall.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:program filesgooglegoogletoolbar3.dll"
HijackThis 2.0.2 --> "C:Program FilesTrend MicroHijackThisHijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:WINDOWS$NtUninstallKB929399$spuninstspuninst.exe"
HP Help and Support --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 6.0 --> C:Program FilesHPDigital ImagingDigitalImagingMonitorhpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.0 --> C:Program FilesHPDigital Imaginguninstallhpzscr01.exe -datfile hpqscr01.dat
HP QuickPlay 2.0 --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{45D707E9-F3C4-11D9-A373-0050BAE317E1}setup.exe" -uninstall
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP User Guides--System Recovery --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{BC96BBA7-C634-460E-AD18-A0A994213F80}Setup.exe" -l0x9 -removeonly
HP User Guides 0026 --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{D17A2FDC-5C16-439C-A0E1-FF350079447E}setup.exe" -l0x9 -removeonly
HP Wireless Assistant 2.00 C1 --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime0701Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}setup.exe" -l0x9 hpquninst
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
KhalSetup --> MsiExec.exe /I{C89C8D86-4423-4A58-AA40-DD259ACE07C1}
Logitech Camera Driver --> "C:Program FilesCommon FilesLogitechQCDRVBINSETUP.EXE" UNINSTALL REMOVEPROMPT -l0409
Logitech Desktop Messenger --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime0901Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}setup.exe" -l0x9 UNINSTALL
Logitech QuickCam Software --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime0901Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{EF1B5DF7-8DF5-4D38-BFF0-FDC7B7847C00}setup.exe" -l0x9
Logitech SetPoint --> C:Program FilesInstallShield Installation Information{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}setup.exe -runfromtemp -l0x0009 -removeonly
Malwarebytes' Anti-Malware --> "C:Program FilesMalwarebytes' Anti-Malwareunins000.exe"
Messenger Plus! Live --> "C:Program FilesMessenger Plus! LiveUninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:WINDOWS$NtUninstallMSCompPackV1$spuninstspuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:WINDOWS$NtUninstallWdf01005$spuninstspuninst.exe"
Microsoft Money 2006 --> "C:Program FilesMicrosoft Money 2006MNYCoreFilesSetupuninst.exe" /s:120
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:WINDOWS$NtUninstallWudf01000$spuninstspuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.14) --> C:Program FilesMozilla Firefoxuninstallhelper.exe
Mozilla Sunbird 0.3a2 --> "C:Program FilesMozilla Sunbirdunins000.exe"
MSN --> C:Program FilesMSNMsnInstallermsninst.exe /Action:ARP
Nokia Connectivity Cable Driver --> MsiExec.exe /X{0FF1922C-B6C4-40BB-AF30-BEF75A482444}
Nokia PC Connectivity Solution --> MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D}
Nokia PC Suite --> MsiExec.exe /I{531317A5-586A-4E36-87C1-CA823447B375}
Office 2003 Trial Assistant --> MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
OpenOffice.org 2.0 --> MsiExec.exe /I{686BB230-DE5B-44F4-8DB0-4F9BEE7310F7}
PokerStars --> "C:Program FilesPokerStarsPokerStarsUninstall.exe" /u:PokerStars
Quick Launch Buttons 5.20 F2 --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime0701Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{CEB326EC-8F40-47B2-BA22-BB092565D66F}setup.exe" -l0x9 -uninst
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:WINDOWS$NtUninstallKB898458$spuninstspuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:WINDOWS$NtUninstallKB923723$spuninstspuninst.exe"
Skype 2.5 --> "C:Program FilesSkypePhoneunins000.exe"
Soft Data Fax Modem with SmartCP --> C:Program FilesCONEXANTCNXT_MODEM_PCI_VEN_1002&DEV_4378HXFSETUP.EXE -U -Icpl309bk.inf
Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sound Station --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime0701Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{E782D2A0-C42A-11D7-8E15-00E04CE56A21}Setup.exe" -l0x9
Spybot - Search & Destroy --> "C:Program FilesSpybot - Search & Destroyunins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Sympatico Security Advisor 1.4.10 --> "C:Program FilesBellSympatico Security Advisorunins000.exe"
Sympatico Security Manager --> C:PROGRA~1COMMON~1INSTAL~1Driver8INTEL3~1IDriver.exe /M{2CD20B0F-E10B-4909-B0ED-83E72C8B7D33}
Synaptics Pointing Device Driver --> rundll32.exe "C:Program FilesSynapticsSynTPSynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:PROGRA~1COMMON~1INSTAL~1Driver7INTEL3~1IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Media Format 11 runtime --> "C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe"
WinRAR gestione archivi --> C:Program FilesWinRARuninstall.exe
WinZip --> "C:Program FilesWinZipWINZIP32.EXE" /uninstall
Wireless Home Network Setup --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{09D8492A-C8E2-421E-927D-46800FB327A3}setup.exe" -l0x9 -removeonly


-- Application Event Log -------------------------------------------------------

Event Record #/Type1650 / Warning
Event Submitted/Written: 06/13/2008 11:29:20 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type1629 / Error
Event Submitted/Written: 06/11/2008 09:29:43 PM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Event Record #/Type1628 / Error
Event Submitted/Written: 06/11/2008 09:29:42 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BF from line 44 of d:qxp_slpcomcom1xsrceventstier1eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type1606 / Error
Event Submitted/Written: 06/11/2008 06:40:38 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Rps.exe, version 5.5.1.6403, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1600 / Error
Event Submitted/Written: 06/11/2008 06:27:33 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of d:qxp_slpcomcom1xsrceventstier1eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type59338 / Warning
Event Submitted/Written: 06/22/2008 10:27:54 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0014A57B6004. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type59332 / Warning
Event Submitted/Written: 06/22/2008 10:27:16 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0014A57B6004. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type59331 / Warning
Event Submitted/Written: 06/22/2008 10:27:15 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0014A57B6004. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type59325 / Warning
Event Submitted/Written: 06/21/2008 09:02:38 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type59315 / Warning
Event Submitted/Written: 06/21/2008 08:50:06 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 0014A57B6004. The IP address being used is 169.254.157.65.



-- End of Deckard's System Scanner: finished at 2008-06-22 10:39:03 ------------

Here is a link to my previous posts so you can see what has been done:

http://www.bleepingcomputer.com/forums/t/151736/i-cant-get-rid-of-this-trojan/

Merged posts. ~ OB

Edited by Orange Blossom, 22 June 2008 - 09:43 PM.




#2 Dewg

Dewg
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:11:33 PM

Posted 25 June 2008 - 05:27 PM

Is there anybody out there?

#3 Dewg

Posted 30 June 2008 - 09:34 PM

Was it something I said?

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:33 PM

Posted 01 July 2008 - 04:10 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Just so you are aware, as of right now there are 482 open topics on this forum where people just like you are awaiting a response for help. Clearly this forum is very busy and you should feel fortunate that your post got answered within 10 days despite the fact that you bumped your thread twice, which is against the rules. Please show some patience.

That being said, let's get you fixed up. :)

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\commdl.dll
    C:\WINDOWS\Tasks\B01B51429188C93A.job
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



================


You are running an older version of Java. This can be a security risk so let's get you the latest version.
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

Please post a new DSS log.
Let me know what issues you are having currently.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 Dewg

Posted 04 July 2008 - 08:51 AM

Please forgive my ignorance, won't happen again.

Things didn't work out well, here is the log:

LoadLibrary failed for C:\WINDOWS\system32\commdl.dll
C:\WINDOWS\system32\commdl.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\commdl.dll scheduled to be moved on reboot.
C:\WINDOWS\Tasks\B01B51429188C93A.job moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07042008_090925

Files moved on Reboot...
LoadLibrary failed for C:\WINDOWS\system32\commdl.dll
C:\WINDOWS\system32\commdl.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\commdl.dll scheduled to be moved on reboot.

#6 Buckeye_Sam

Posted 04 July 2008 - 08:59 AM

No worries. We'll get this taken care of for you.

Please download ComboFix and save it to your desktop.
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

#7 Dewg

Posted 04 July 2008 - 11:56 PM

I ran it several times before it actually scanned, once done it rebooted my system and froze at the 'preparing log' screen. Is this log saved anywhere on my drive?

Following that a program seemed to install itself I was able to record the following: 'CF25603.exe' not sure of the path ...c:\windows\system32, I think, but can't say for sure, it was quick. File name is correct though.

#8 Buckeye_Sam

Posted 05 July 2008 - 07:59 AM

Check to see if a log is created here: C:\Combofix.txt

#9 Dewg

Posted 05 July 2008 - 08:46 AM

No, it wasn't there. I did look in the Combo Fix directory also and found a Combofix.txt file. It wasn't the log either. Should I stop all programs from running at startup before running ComboFix and run it again, as it seemed to have a problem with the reboot?

#10 Buckeye_Sam

Posted 05 July 2008 - 10:46 AM

Yes, you can try that. In particular disable your antivirus and any antimalware programs that might conflict.

#11 Dewg

Posted 05 July 2008 - 01:24 PM

I disabled everything that I could and it still hung after reboot, however, I did find this log in the combofix directory:

ComboFix 08-07-03.5 - Steve Dugas 2008-07-05 13:45:14.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.248 [GMT -4:00]
Running from: C:\Documents and Settings\Steve Dugas\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\commdl.dll . . . . failed to delete
.
---- Previous Run -------
.
C:\RECYCLER\RB4.tmp
C:\WINDOWS\system32\commdl.dll . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-06-05 to 2008-07-05 )))))))))))))))))))))))))))))))
.

2008-07-04 11:18 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-04 11:14 . 2008-07-04 11:14 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-04 10:03 . 2008-07-04 10:19 <DIR> d-------- C:\Documents and Settings\Steve Dugas\.SunDownloadManager
2008-07-04 09:09 . 2008-07-04 09:09 <DIR> d-------- C:\_OTMoveIt
2008-06-22 10:33 . 2008-06-22 10:33 <DIR> d-------- C:\Deckard
2008-06-21 20:14 . 2008-06-21 20:15 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-21 20:00 . 2008-06-21 20:54 <DIR> d-------- C:\SDFix
2008-06-13 02:25 . 2008-06-18 10:23 2,538 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-11 19:47 . 2008-06-11 20:09 <DIR> d-------- C:\Program Files\Webteh
2008-06-11 19:47 . 2008-06-11 19:47 <DIR> d-------- C:\Documents and Settings\Steve Dugas\Application Data\BSplayer Pro
2008-06-11 19:47 . 2008-06-11 20:09 <DIR> d-------- C:\Documents and Settings\Steve Dugas\Application Data\BSplayer
2008-06-11 11:46 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 11:46 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 16:44 --------- d-----w C:\Documents and Settings\Steve Dugas\Application Data\Skype
2008-07-04 15:18 --------- d-----w C:\Program Files\Java
2008-07-04 14:35 --------- d-----w C:\Program Files\Google
2008-07-04 14:34 --------- d-----w C:\Program Files\Any Video Converter Professional
2008-07-04 14:33 --------- d-----w C:\Documents and Settings\Steve Dugas\Application Data\Any Video Converter Professional
2008-06-21 23:42 --------- d-----w C:\Program Files\Common Files\PestPatrol
2008-06-18 16:04 --------- d-----w C:\Program Files\MSN Games
2008-06-16 01:54 --------- d-----w C:\Program Files\PokerStars
2008-06-13 15:27 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-13 14:28 --------- d-----w C:\Program Files\Common Files\Command Software
2008-06-13 06:43 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-06-12 01:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-12 00:04 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-10 23:02 34,296 ----a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-10 23:02 15,864 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-06-09 23:19 --------- d-----w C:\Documents and Settings\Steve Dugas\Application Data\LimeWire
2008-06-03 04:01 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-06-02 20:37 --------- d-----w C:\Documents and Settings\Steve Dugas\Application Data\FrostWire
2008-05-18 23:21 --------- d-----w C:\Documents and Settings\Steve Dugas\Application Data\Malwarebytes
2008-05-18 23:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-11 20:16 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-09 19:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-09 19:18 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2007-01-23 15:43 69,632 ----a-w C:\Documents and Settings\Steve Dugas\Application Data\internaldb4178.dat
2007-01-23 15:22 334 ----a-w C:\Documents and Settings\Steve Dugas\Application Data\internaldb1942.dat
2007-01-23 15:01 151 ----a-w C:\Documents and Settings\Steve Dugas\Application Data\internaldb9169.dat
2007-01-07 05:03 149 ----a-w C:\Program Files\INSTALL.LOG
2006-11-18 03:24 0 ----a-w C:\Documents and Settings\Steve Dugas\Application Data\internaldb6500.dat
2006-11-18 03:24 0 ----a-w C:\Documents and Settings\Steve Dugas\Application Data\internaldb6334.dat
2006-11-18 03:24 0 ----a-w C:\Documents and Settings\Steve Dugas\Application Data\internaldb4877.dat
2006-11-16 03:02 0 ----a-w C:\Documents and Settings\Steve Dugas\Application Data\internaldb1394.dat
2006-08-24 20:48 0 ----a-w C:\Documents and Settings\Steve Dugas\Application Data\wklnhst.dat
2006-08-16 14:25 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
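
The OTMoveIt2 log in post #5 and the ComboFix log in post #11 can be cross-checked to see which files resisted every removal attempt. The following Python is an added example, not part of the thread or of either tool; the function names and the line patterns are assumptions inferred only from the log lines posted above.

```python
import re
from collections import defaultdict

# Log excerpts copied from posts #5 and #11 above, trimmed to the relevant lines.
OTMOVEIT_LOG = r"""LoadLibrary failed for C:\WINDOWS\system32\commdl.dll
C:\WINDOWS\system32\commdl.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\commdl.dll scheduled to be moved on reboot.
C:\WINDOWS\Tasks\B01B51429188C93A.job moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07042008_090925

Files moved on Reboot...
LoadLibrary failed for C:\WINDOWS\system32\commdl.dll
C:\WINDOWS\system32\commdl.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\commdl.dll scheduled to be moved on reboot.
"""

COMBOFIX_LOG = r"""C:\WINDOWS\system32\commdl.dll . . . . failed to delete
.
---- Previous Run -------
.
C:\RECYCLER\RB4.tmp
C:\WINDOWS\system32\commdl.dll . . . . failed to delete
"""

# Line patterns inferred from the excerpts (assumption, not a documented format).
OT_MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) moved successfully\.$")
OT_FAILED = re.compile(
    r"^File move failed\. (?P<path>[A-Za-z]:\\.+?) scheduled to be moved on reboot\.$")
CF_FAILED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?: \.)+ failed to delete$")


def parse_otmoveit(text):
    """Return (path, tool, phase, outcome) tuples from an OTMoveIt2 log."""
    events, phase = [], "first pass"
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Files moved on Reboot"):
            phase = "after reboot"  # a failure past this marker survived the reboot
        elif (m := OT_MOVED.match(line)):
            events.append((m["path"], "OTMoveIt2", phase, "removed"))
        elif (m := OT_FAILED.match(line)):
            events.append((m["path"], "OTMoveIt2", phase, "failed"))
    return events


def parse_combofix(text):
    """Return failure tuples from the deletions section of a ComboFix log."""
    events, phase = [], "current run"
    for line in map(str.strip, text.splitlines()):
        if line.startswith("---- Previous Run"):
            phase = "previous run"
        elif (m := CF_FAILED.match(line)):
            events.append((m["path"], "ComboFix", phase, "failed"))
    return events


def removal_summary(events):
    """Group events per file; Windows paths compare case-insensitively."""
    summary = defaultdict(lambda: {"removed": 0, "failed": 0, "attempts": []})
    for path, tool, phase, outcome in events:
        entry = summary[path.lower()]
        entry[outcome] += 1
        entry["attempts"].append(f"{tool} ({phase}): {outcome}")
    return dict(summary)


def persistent_files(events, min_failures=2):
    """Paths that were never removed and failed at least min_failures times."""
    summary = removal_summary(events)
    return sorted(path for path, entry in summary.items()
                  if entry["removed"] == 0 and entry["failed"] >= min_failures)


if __name__ == "__main__":
    all_events = parse_otmoveit(OTMOVEIT_LOG) + parse_combofix(COMBOFIX_LOG)
    summary = removal_summary(all_events)
    for path in persistent_files(all_events):
        print(path)
        for attempt in summary[path]["attempts"]:
            print("   ", attempt)
```

A file that fails in the "after reboot" phase and again in a second tool is still being held or restored by something running at boot, which is why it needs a different removal approach rather than another pass of the same tool.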

#12 Buckeye_Sam

Posted 05 July 2008 - 05:29 PM

Right click on combofix.exe and rename it to cf.exe

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript to your desktop.

Driver::
satzxaun

File::
c:\windows\system32\drivers\dwlrvjfl.dat
C:\WINDOWS\Tasks\B01B51429188C93A.job
C:\WINDOWS\system32\commdl.dll

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto Cf.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

#13 Dewg

Posted 05 July 2008 - 07:29 PM

Followed your instructions to the letter

It currently appears to be hanging at C:\cf\DirRoot (I'm writing this from another system)

The cursor is still blinking erratically and at times disappears for up to a minute / hard drive light still flashing, but has been in this status for around 1/2 hr?

What do you think?

#14 Buckeye_Sam

Posted 06 July 2008 - 07:36 AM

Looks like we have to go an alternate route. That's ok.
Is there a new log at C:\Combofix.txt that you can post so I can see what got accomplished, if anything?

#15 Dewg

Posted 06 July 2008 - 08:57 AM

Hi Sam,

I was worried about bumping my topic again, but as soon as I sent that last post, it made progress. I let it run for the day while I had to leave and it completed. It took several hours, then it seemed to hang on the rebooting process, but restarted; now it seems to be hanging on the Preparing Log Report, but I'm sure it's still working away extremely slowly. We're at almost a full 24hrs to run/complete the scan. I'll post the log as soon as it completes.

Thanks for your patience.



