Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan


  • This topic is locked This topic is locked
4 replies to this topic

#1 vistavenom

vistavenom

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:05 PM

Posted 28 June 2008 - 12:55 PM

How do I remove the trojan from my computer?
Deckard's System Scanner v20071014.68
Run by deb on 2008-06-28 12:12:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
9: 2008-06-28 03:23:43 UTC - RP284 - ThreatFire Quarantine: sfs_setup.exe
8: 2008-06-28 03:22:43 UTC - RP282 - ThreatFire Quarantine: sfs_setup.zip
7: 2008-06-26 15:58:17 UTC - RP280 - Windows Update
6: 2008-06-25 21:22:05 UTC - RP279 - ThreatFire Quarantine: ad192216_0.gif
5: 2008-06-25 18:50:49 UTC - RP277 - ThreatFire Quarantine: ProxyEnable


-- First Restore Point --
1: 2008-06-25 05:29:36 UTC - RP269 - Installed Microsoft Visual C++ 2005 Redistributable


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 894 MiB (1024 MiB recommended).


-- HijackThis (run as deb.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:21 PM, on 6/28/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\SYSTEM32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\SYSTEM32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PskSvc.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrvx86.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\gtsrp\gtsrp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Windows\sttray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\ApVxdWin.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\PeoplePC\ISP6630\Browser\Bartshel.exe
C:\Program Files\PeoplePC\ISP6630\Browser\PPShared.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\PeoplePC Accelerated\PeoplePC.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\PeoplePC\ISP6630\Browser\Bartshel.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Users\deb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GFCVQ1RM\dss[1].exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\deb.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60293
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll
O1 - Hosts: ::1 localhost
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll
O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: Accelerator Plugin - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRA~1\PEOPLE~1\PRPL_I~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: TBSB09819 - {DC77F23E-1D48-4238-9776-B705F92073FB} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [gtsrp] C:\Program Files\gtsrp\gtsrp.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpiralFrog] C:\Program Files\SpiralFrog\Spiralfrog.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP6630\BIN\PPCOLink.exe -STATION
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.netzero.com
O15 - Trusted Zone: *.netzero.net
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A57B79D8-9501-42B7-BA9B-B961454712F2} (WLANinfo.WLANX) - https://www.jiwire.com/activeX/wlaninfo.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B6DEFC0-8A7E-4DA3-9D4B-E7F1D06F76B3}: NameServer = 209.244.0.3 209.244.0.4
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrvx86.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PskSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14745 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell>
R3 tapvpn (TAP VPN Adapter) - c:\windows\system32\drivers\tapvpn.sys <Not Verified; The OpenVPN Project; TAP-Win32 Virtual Network Driver>

S3 Aox402Camera (Eye-Q Mini (Video)) - c:\windows\system32\drivers\aox402vc.sys <Not Verified; Endpoints, Incorporated; Aox SE402 Reference Cam>
S3 DSproct - \??\c:\program files\dellsupport\gtaction\triggers\dsproct.sys
S3 MR97310_USB_DUAL_CAMERA (DUAL MODE CAMERA SL310) - c:\windows\system32\drivers\mr97310c.sys <Not Verified; Mars Semiconductor Corp.; USB Dual-Mode Camera>
S3 SE402RefCameraStill (Eye-Q Mini (WDM)) - c:\windows\system32\drivers\aox402sc.sys <Not Verified; Endpoints, Incorporated; SE402 Reference Camera>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter
R2 STacSV (SigmaTel Audio Service) - c:\program files\sigmatel\c-major audio\wdm\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>

S2 winss (Windows Live OneCare) -
S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0001
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #2
PNP Device ID: ROOT\*6TO4MP\0001
Service: tunnel


-- Scheduled Tasks -------------------------------------------------------------

2008-06-28 03:00:00 484 --a------ C:\Windows\Tasks\MacroVirus Scheduled Scan.job
2008-06-28 00:56:39 484 --a------ C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - deb.job
2008-06-27 14:06:22 414 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{FFFD7AC2-B86C-4EC4-A402-83CDDA498C8B}.job


-- Files created between 2008-05-28 and 2008-06-28 -----------------------------

2008-06-28 12:20:56 0 d-------- C:\Program Files\Trend Micro
2008-06-25 00:36:16 0 d-------- C:\Program Files\Flex GIF Animator
2008-06-25 00:29:29 26624 --a------ C:\Windows\system32\dzwrapper.dll <DZWRAP~1.DLL> <Not Verified; DAZ 3D, Inc; DAZ Studio>
2008-06-25 00:29:27 9875456 --a------ C:\Windows\system32\dzcore.dll <Not Verified; DAZ 3D, Inc; DAZ Studio>
2008-06-25 00:29:27 49152 --a------ C:\Windows\system32\dzcarrara.dll <DZCARR~1.DLL> <Not Verified; DAZ 3D, Inc; DAZ Studio>
2008-06-25 00:29:26 33280 --a------ C:\Windows\system32\dzbryce6.dll <Not Verified; DAZ 3D, Inc; DAZ Studio>
2008-06-25 00:29:25 2076672 --a------ C:\Windows\system32\dz3delight.dll <DZ3DEL~1.DLL>
2008-06-25 00:29:24 6131712 --a------ C:\Windows\system32\daz-qt-mt.dll <DAZ-QT~1.DLL>
2008-06-25 00:29:23 1785856 --a------ C:\Windows\system32\daz-qsa.dll
2008-06-25 00:27:14 0 d-------- C:\Program Files\Common Files\DAZ
2008-06-25 00:27:13 0 d-------- C:\Program Files\DAZ
2008-06-25 00:22:45 0 d-------- C:\Program Files\AoaoWatermark
2008-06-25 00:19:26 0 d-------- C:\Program Files\Blender Foundation
2008-06-24 17:20:10 1122304 ---h----- C:\Windows\system32\wodfamop.dll <Not Verified; Abrosoft; FantaMorph>
2008-06-24 17:20:04 0 d-------- C:\Program Files\Abrosoft
2008-06-23 23:20:43 0 d-------- C:\Users\All Users\PC Tools
2008-06-23 23:20:43 0 d-------- C:\Program Files\ThreatFire
2008-06-16 14:21:12 0 d-------- C:\Program Files\Sanyo
2008-06-16 13:38:37 11776 --a------ C:\Windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell>
2008-06-10 10:53:32 0 d-------- C:\Program Files\Citrix
2008-06-08 09:54:02 0 d-------- C:\Program Files\Cisco
2008-06-08 09:47:46 22729 --a------ C:\newkey
2008-05-31 20:21:14 4 --a------ C:\Windows\system32\CBAC39


-- Find3M Report ---------------------------------------------------------------

2008-06-28 10:02:11 0 d-------- C:\Program Files\SpiralFrog
2008-06-26 21:42:28 0 d-------- C:\Users\deb\AppData\Roaming\SiteAdvisor
2008-06-25 13:41:56 14080 --a------ C:\Users\deb\AppData\Roaming\wklnhst.dat
2008-06-25 13:17:53 0 d-------- C:\Program Files\PeoplePC Accelerated
2008-06-25 00:27:14 0 d-------- C:\Program Files\Common Files
2008-06-25 00:19:30 0 d-------- C:\Users\deb\AppData\Roaming\Blender Foundation
2008-06-20 14:41:54 22323 --a------ C:\Users\deb\AppData\Roaming\UserTile.png
2008-06-20 10:59:18 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-16 14:04:42 0 d-------- C:\Program Files\ArcSoft
2008-06-10 23:12:37 0 d-------- C:\Program Files\Windows Mail
2008-06-10 18:10:56 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-06-10 18:10:52 0 d-------- C:\Program Files\Spyware Doctor
2008-06-08 09:47:36 0 d-------- C:\Users\deb\AppData\Roaming\InstallShield
2008-05-22 22:50:26 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-12 23:15:33 0 d-------- C:\Program Files\Apple Software Update
2008-05-11 05:11:56 0 d-------- C:\Program Files\QuickTime


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8FB8EB3-183B-4598-924D-86F0E5E37085}]
07/26/2007 12:39 PM 235520 --a------ C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC77F23E-1D48-4238-9776-B705F92073FB}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A8FB8EB3-183B-4598-924D-86F0E5E37085}"= C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll [07/26/2007 12:39 PM 235520]

[-HKEY_CLASSES_ROOT\CLSID\{A8FB8EB3-183B-4598-924D-86F0E5E37085}]
[HKEY_CLASSES_ROOT\PeoplePal Toolbar]
[HKEY_CLASSES_ROOT\TypeLib\{994D628D-4D22-4DB9-B6DB-F7D9F1635817}]
[HKEY_CLASSES_ROOT\PeoplePal Toolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2007 07:09 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 08:51 PM]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [07/11/2006 05:12 PM]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [11/21/2006 07:52 PM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [03/16/2007 05:20 AM]
"gtsrp"="C:\Program Files\gtsrp\gtsrp.exe" [07/27/2007 06:32 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/03/2006 11:37 AM]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [10/20/2006 05:23 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [08/13/2007 01:05 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [10/03/2006 11:35 AM]
"SigmatelSysTrayApp"="sttray.exe" [01/12/2007 10:51 AM C:\Windows\sttray.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/18/2007 06:46 PM]
"SpiralFrog"="C:\Program Files\SpiralFrog\Spiralfrog.exe" [10/15/2007 03:38 PM]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [10/04/2007 04:14 PM]
"@"="" []
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [11/05/2006 12:22 PM]
"Bart Station"="C:\Program Files\PeoplePC\ISP6630\BIN\PPCOLink.exe" [08/07/2007 05:15 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM]
"ThreatFire"="C:\Program Files\ThreatFire\TFTray.exe" [04/24/2008 04:52 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [01/30/2008 01:55 PM]
"@"="" []
"NetZero_uoltray"="C:\Program Files\NetZero\exec.exe" [12/10/2007 07:28 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [04/12/2008 09:39 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [9/14/2007 11:10:47 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 02/15/2007 09:02 PM 50736 C:\Windows\System32\avldr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork PLA DPS BFE mpssvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38b98911-9a45-11dc-b045-001c2398b6c3}]
AutoRun\command- F:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-06-28 12:25:23 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Basic (build 6000)
Architecture: X86; Language: English

CPU 0: Mobile AMD Sempron™ Processor 3500+
Percentage of Memory in Use: 71%
Physical Memory (total/avail): 893.44 MiB / 254.15 MiB
Pagefile Memory (total/avail): 2043.91 MiB / 979.23 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1909.38 MiB

C: is Fixed (NTFS) - 64.45 GiB total, 32.36 GiB free.
D: is Fixed (NTFS) - 10 GiB total, 3.96 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS541680J9SA00 ATA Device - 74.53 GiB - 3 partitions
\PARTITION0 - Unknown - 78.41 MiB
\PARTITION1 - Installable File System - 10 GiB - D:
\PARTITION2 (bootable) - Installable File System - 64.45 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: ThreatFire v3.5.0.21 (PC Tools)
AV: Panda Antivirus 2008 v3.01.00 (Panda Security)
AV: Spyware Doctor with AntiVirus v (PC Tools)
AS: Panda Antivirus 2008 v3.01.00 (Panda Security)
AS: Spyware Doctor v5.1.0.273 (PC Tools)
AS: SpywareBot v () Disabled
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: ThreatFire v3.5.0.21 (PC Tools)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\deb\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DEB-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\deb
LOCALAPPDATA=C:\Users\deb\AppData\Local
LOGONSERVER=\\DEB-PC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Windows\SYSTEM32;C:\Windows;C:\Windows\SYSTEM32\WBEM;C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE;C:\PROGRAM FILES\COMMON FILES\ROXIO SHARED\DLLSHARED\;C:\PROGRAM FILES\COMMON FILES\ROXIO SHARED\9.0\DLLSHARED\;C:\Program Files\Panda Security\Panda Antivirus 2008\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 76 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4c02
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\deb\AppData\Local\Temp
TMP=C:\Users\deb\AppData\Local\Temp
USERDOMAIN=deb-PC
USERNAME=deb
USERPROFILE=C:\Users\deb
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

deb


-- Add/Remove Programs ---------------------------------------------------------

-->
-->
--> .
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Windows\IsUninst.exe -fC:\Windows\system32\UninstIPP.isu
Abrosoft FantaMorph 4.0 --> "C:\Program Files\Abrosoft\FantaMorph4\unins000.exe"
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{685A56F8-75B6-44AD-B3DA-FB0A3266B47C}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft PhotoImpression 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{68D5CEF9-0DA8-47FE-B0EB-4CBFB5AAF662}\setup.exe" -l0x9
ArcSoft PhotoImpression 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3E8C2BA2-F4CA-4A1D-A690-6B9A411DAF8B}\setup.exe" -l0x9
ATI Catalyst Control Center Ex --> MsiExec.exe /I{EAB9C426-6626-7B76-64F3-569FDCA9852D}
ATI PCI Express (3GIO) Filter Driver --> C:\Program Files\InstallShield Installation Information\{E713653C-8312-4BC6-AFC9-ADE1F2F04AB9}\setup.exe -runfromtemp -l0x0009 -removeonly
Blender (remove only) --> "C:\Program Files\Blender Foundation\Blender\uninstall.exe"
CA eTrust PestPatrol Anti-Spyware --> "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\cauninst.exe" /u
Camera Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D1B3874F-3057-11D6-B2EA-0050BA18806B}\Setup.exe"
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -IDellHDAz.inf
DAZ Studio --> C:\Program Files\DAZ\Studio\Remove-Studio.exe
Dell Resource CD --> MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell System Customization Wizard --> MsiExec.exe /I{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
DesktopFun Toolbar --> regsvr32 /u /s "C:\Program Files\DesktopFun Toolbar\desktopfuntoolbar.dll"
Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Eye-Q Mini Driver --> C:\Windows\EYEQSetup.exe C:\EYEQMINI\
File Shredder 2.0 --> "C:\Program Files\File Shredder\unins000.exe"
Flex GIF Animator version 8.63 --> "C:\Program Files\Flex GIF Animator\unins000.exe"
Games, Music, & Photos Launcher --> MsiExec.exe /I{3E25E350-949F-4DB7-8288-2A60E018B4C1}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Hotspot Shield 1.04 --> C:\Program Files\Hotspot Shield\Uninstall.exe
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Malware Immunizer 1.5 --> C:\PROGRA~1\MALWAR~4\MI.exe /remove /q0
McAfee SiteAdvisor --> C:\Program Files\SiteAdvisor\6253\uninstall.exe
Microsoft Application Error Reporting -->
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Move Networks Media Player for Internet Explorer --> C:\Users\deb\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 Parser and SDK --> MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
NetZero Internet --> "C:\Program Files\NetZero\NetZeroUninstaller.exe"
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Panda Antivirus 2008 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\Setup.exe" -l0x9 -removeonly
Panda TotalScan --> C:\Program Files\Panda Security\TotalScan\ascuninst.exe
PeoplePC Online --> C:\Windows\system32\PPCOUNIN.EXE
PeoplePC:PeoplePal Toolbar 6.6 --> C:\Program Files\PeoplePC\Toolbar\ppaluninst.exe
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\Setup.exe" -l0x9 -cluninstall
Presto! ImageFolio 4.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{783033B0-D8E6-11D5-9293-0050BA073EEC}\Setup.exe" -l0x9
Presto! Mr. Photo --> C:\Windows\IsUninst.exe -f"C:\Program Files\NewSoft\MrPhoto16\DeIsL1.isu"
Presto! VideoWorks 4.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39D8C213-B0DF-11D5-9293-0050BA073EEC}\Setup.exe" -l0x9
Product Documentation Launcher --> MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
QuickSet --> MsiExec.exe /I{7F0C4457-8E64-491B-8D7B-991504365D1E}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc --> MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE --> MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SpiralFrog Download Manager 0.8.23 --> MsiExec.exe /X{95738B44-49CF-4C62-A620-320F1007B14A}
Spyware Doctor 5.1 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
TBS WMP Plug-in --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{DB5F474C-B584-417F-810B-DEBBC1893C2A}
ThreatFire 3.5 --> "C:\Program Files\ThreatFire\unins000.exe"
URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{D1B11537-EA51-4DD8-BF1E-098BEE48868D}\setup.exe -runfromtemp -l0x0409
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WordSearcher --> C:\Program Files\WordUninstaller\UnInstallKey.exe
Yahoo! Install Manager --> C:\Windows\system32\regsvr32 /u C:\Windows\cache\YINSTH~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type100099 / Error
Event Submitted/Written: 06/28/2008 10:27:47 AM
Event ID/Source: 1002 / Application Hang
Event Description:
The program iexplore.exe version 7.0.6000.16681 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1494
Start Time: 01c8d930cb2a4064
Termination Time: 174

Event Record #/Type100088 / Success
Event Submitted/Written: 06/28/2008 10:01:43 AM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type100087 / Success
Event Submitted/Written: 06/28/2008 10:01:42 AM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type100081 / Success
Event Submitted/Written: 06/28/2008 10:01:07 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type100057 / Success
Event Submitted/Written: 06/28/2008 06:48:07 AM
Event ID/Source: 5617 / WinMgmt
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type194881 / Warning
Event Submitted/Written: 06/28/2008 11:46:36 AM
Event ID/Source: 4 / bcm4sbxp
Event Description:
Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type194861 / Warning
Event Submitted/Written: 06/28/2008 10:05:01 AM
Event ID/Source: 4 / Client Side Rendering Spooler
Event Description:
The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

Event Record #/Type194860 / Warning
Event Submitted/Written: 06/28/2008 10:05:01 AM
Event ID/Source: 4 / Client Side Rendering Spooler
Event Description:
The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

Event Record #/Type194857 / Warning
Event Submitted/Written: 06/28/2008 10:03:50 AM
Event ID/Source: 4 / Client Side Rendering Spooler
Event Description:
The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

Event Record #/Type194856 / Warning
Event Submitted/Written: 06/28/2008 10:03:50 AM
Event ID/Source: 4 / Client Side Rendering Spooler
Event Description:
The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.



-- End of Deckard's System Scanner: finished at 2008-06-28 12:25:23 ------------

BC AdBot (Login to Remove)

 


#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:05 AM

Posted 21 July 2008 - 08:31 AM

Hello. I am PropangandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Run Deckard's System Scanner
If you have not already used DSS or you have lost your copy, please download Deckard's System Scanner (DSS) and save to your Desktop.

You must be logged onto an account with administrator privileges. If you are using Windows Vista, right click dss.exe and select Run as Administrator.
  • Click on your Start Menu, then Run. Input:
    "%userprofile%\desktop\dss.exe" /config
  • Click Check All and then Scan.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
When running DSS, some firewalls may warn that it is trying to access the Internet especially if your asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so. If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.

When DSS is run will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
This program will only scan your computer and create a log. It does not alter your computer.

Run Kaspersky Online Scanner
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.


With Regards,
The Panda

#3 vistavenom

vistavenom
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:05 PM

Posted 21 July 2008 - 04:42 PM

Well, it has been quite a while since I posted so I actually wasn't expecting a response this late.
I really feel silly about this as the scan that detected the malware also had an option to clean it.
My daughter pointed this out to me. (I usually notice those things) I guess I was so upset that
I had the malware that I overlooked it. I have so much security and anti this and anti that so
I couldn't understand how something still slipped by. I guess that happens. Since that time
I was sent a response from Dell that showed me another spot to scan and delete such
malware. As it turned out I had multiple trojans and worms not even detected by the last
scan. Hopefully, the most of it is gone now. My computer is running more smoothly and
I guess I wil have to live with any damage they had done.
Anyway thank you for the assistance. I will keep it for future reference.
Vistavenom

#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:05 AM

Posted 21 July 2008 - 06:30 PM

Hello.

Thanks for letting us know. Hopefully we can repond faster in the future :thumbsup: .

I will ask for this topic to be closed.

With Regards,
The Panda

#5 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • OFFLINE
  •  
  • Location:Ontario
  • Local time:12:05 AM

Posted 23 July 2008 - 11:52 PM

Hi,

Because this topic appears to have been resolved I will now close topic.
If you need it re-opened and would like Panda to help you double check all is OK.. please PM Me or a member of the moderating team with a link to your topic.

All others pleae begin a new topic.

Thanks

Blender
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users