Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

[help] Ieav.exe Ie Antivirus Trojan, Not Yet Download The Av, But Annoying Pop-ups Are Everywhere.


  • This topic is locked This topic is locked
3 replies to this topic

#1 kenalama

kenalama

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:46 PM

Posted 06 July 2008 - 01:35 PM

Hi, sorry for my bad english.

I think I'm infected with the IEav trojan that intends to trick me for downloading a rogue antivirus software.

I got this alert screen (everytime I use IE browser or open folder using explorer.exe ):

System Error!
Your system is infected with dangerous virus!
Note: Strongly recommend to install antispyware program to clean your system and avoid total crash of your computer!
Click OK to download the antispyware. (Recommended)

I use ESET Antivirus and ZA firewall &antispy, but there is no notification about the related virus/malware/trojan (before and after scanning)
Actually i've already read this removal guide but I'm not yet install the ieav.exe ;
and also this topic but wordupmybrotha's log is far different with mine.
So i made a new topic, sorry; and Thx for helping me out.


Here are main.txt and extra.txt and hijackthis.log

-----main.txt----------

Deckard's System Scanner v20071014.68
Run by Kenalama on 2008-07-07 00:54:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
15: 2008-07-06 17:55:40 UTC - RP143 - Deckard's System Scanner Restore Point
14: 2008-07-05 02:47:50 UTC - RP142 - System Checkpoint
13: 2008-07-01 10:04:05 UTC - RP141 - System Checkpoint
12: 2008-06-29 23:31:47 UTC - RP140 - System Checkpoint
11: 2008-06-28 22:43:42 UTC - RP139 - System Checkpoint


-- First Restore Point --
1: 2008-06-19 11:19:45 UTC - RP129 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Kenalama.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:03:11 AM, on 7/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\zepsoft\Wallpaper Calendar\WallCal3.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Maxthon2\Maxthon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\xp-AntiSpy\xp-AntiSpy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\COED11\coed11.exe
C:\Documents and Settings\Kenalama\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kenalama.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.2:8080
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {1C1B8A44-61FE-411E-8F33-813A4E2E2984} - C:\WINDOWS\system32\AVIRAS~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HyperIM] C:\Program Files\HyperIM\HyperIM.exe -min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Wallpaper Calendar.lnk = C:\Program Files\zepsoft\Wallpaper Calendar\WallCal3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download FLV videos with IDM from 10 last requested - C:\Program Files\Internet Download Manager\IEGetVL2.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{25149320-3466-4BF5-B21B-AEB9709FC813}: NameServer = 202.***.***.***
O17 - HKLM\System\CCS\Services\Tcpip\..\{2847AFF9-11F3-4E76-BC39-31CD83A28478}: NameServer = 202.***.***.***
O17 - HKLM\System\CS1\Services\Tcpip\..\{25149320-3466-4BF5-B21B-AEB9709FC813}: NameServer = 202.***.***.***
O17 - HKLM\System\CS2\Services\Tcpip\..\{25149320-3466-4BF5-B21B-AEB9709FC813}: NameServer = 202.***.***.***
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10124 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 ADIHdAudAddService (ADI UAA Function Driver for High Definition Audio Service) - c:\windows\system32\drivers\adihdaud.sys
R3 AEAudioService (AEAudio Service) - c:\windows\system32\drivers\aeaudio.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe"
R2 ekrn (Eset Service) - "c:\program files\eset\eset smart security\ekrn.exe"
R2 mi-raysat_3dsmax9_32 (mental ray 3.5 Satellite (32-bit)) - "c:\program files\autodesk\3ds max 9\mentalray\satellite\raysat_3dsmax9_32server.exe"

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-04 19:05:55 380 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


-- Files created between 2008-06-07 and 2008-07-07 -----------------------------

2008-07-07 01:01:53 0 d-------- C:\Program Files\Trend Micro
2008-07-06 23:09:04 0 d-------- C:\Program Files\Common Files\xing shared
2008-07-06 22:58:14 26624 --a------ C:\WINDOWS\system32\avirasafe.dll
2008-06-25 21:17:53 0 d-------- C:\Documents and Settings\Kenalama\Application Data\Ahead
2008-06-25 21:14:24 0 d-------- C:\Program Files\Nero
2008-06-25 21:14:24 0 d-------- C:\Program Files\Common Files\Ahead
2008-06-25 21:14:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-17 23:54:24 0 d-------- C:\Program Files\DAP
2008-06-10 12:13:07 0 d-------- C:\WINDOWS\DISNEY
2008-06-10 12:11:37 0 d-------- C:\Documents and Settings\Kenalama\WINDOWS
2008-06-08 12:47:24 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-06-08 03:04:29 0 d-------- C:\Documents and Settings\Kenalama\Application Data\Ectaco
2008-06-08 03:04:27 0 d-------- C:\Documents and Settings\Kenalama\Application Data\Thinstall
2008-06-07 13:32:22 0 d-------- C:\Documents and Settings\Kenalama\Contacts
2008-06-07 13:29:17 0 d-------- C:\Program Files\MSN Messenger
2008-06-07 13:29:08 7077888 --a------ C:\Documents and Settings\Kenalama\ntuser.dat


-- Find3M Report ---------------------------------------------------------------

2008-07-06 23:57:55 0 d-------- C:\Documents and Settings\Kenalama\Application Data\MxBoost
2008-07-06 23:56:43 0 d-------- C:\Documents and Settings\Kenalama\Application Data\DMCache
2008-07-06 23:09:04 0 d-------- C:\Program Files\Common Files
2008-07-06 23:08:48 0 d-------- C:\Program Files\Common Files\Real
2008-07-06 22:55:25 0 d-------- C:\Program Files\DAP Premium
2008-07-06 22:34:19 0 d-------- C:\Program Files\Gamenext
2008-07-06 22:34:18 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-30 23:31:06 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-06-26 17:31:13 0 d-------- C:\Documents and Settings\Kenalama\Application Data\AdobeUM
2008-06-26 16:06:51 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-21 11:32:28 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-06-14 02:36:27 0 d-------- C:\Documents and Settings\Kenalama\Application Data\Real
2008-06-14 02:35:42 0 d-------- C:\Program Files\Real
2008-06-13 16:01:27 0 d-------- C:\Program Files\Opera
2008-06-13 16:00:55 0 d-------- C:\Program Files\Opera 9.5 beta
2008-06-12 08:38:07 0 d-------- C:\Documents and Settings\Kenalama\Application Data\Adobe
2008-06-09 00:27:15 0 d-------- C:\Program Files\MiniLyrics
2008-06-08 14:32:58 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 4
2008-06-04 22:13:57 0 d-------- C:\Documents and Settings\Kenalama\Application Data\Macromedia
2008-06-04 03:11:20 0 d-------- C:\Program Files\Autodesk
2008-06-04 03:11:13 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-05-24 01:56:59 0 d-------- C:\Documents and Settings\Kenalama\Application Data\Opera
2008-05-24 01:39:56 0 d-------- C:\Documents and Settings\Kenalama\Application Data\ESET
2008-05-20 17:21:35 4096 --a------ C:\WINDOWS\d3dx.dat
2008-05-20 14:15:36 0 d-------- C:\Documents and Settings\Kenalama\Application Data\PlayFirst
2008-05-20 04:49:34 2288128 --a------ C:\WINDOWS\system32\TUKernel.exe
2008-05-19 00:41:23 0 d-------- C:\Program Files\Winamp
2008-05-18 13:41:58 0 d-------- C:\Program Files\Java
2008-05-18 13:38:20 0 d-------- C:\Documents and Settings\Kenalama\Application Data\Sun
2008-05-18 13:38:11 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-05-17 22:23:37 0 d-------- C:\Program Files\Common Files\Java
2008-05-16 11:00:09 0 d-------- C:\Program Files\Maxthon2
2008-05-10 11:25:20 0 d-------- C:\Program Files\Internet Download Manager
2008-05-10 03:23:06 0 d-------- C:\Documents and Settings\Kenalama\Application Data\IDM


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C1B8A44-61FE-411E-8F33-813A4E2E2984}]
07/06/2008 10:58 PM 26624 --a------ C:\WINDOWS\system32\AVIRAS~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [05/20/2005 08:11 AM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [09/07/2005 03:35 PM]
"PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [11/18/2004 10:16 AM]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [03/01/2008 12:10 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/13/2008 11:11 PM]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [03/01/2008 04:54 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/09/2007 06:53 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/06/2008 11:07 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [07/31/2006 03:54 PM]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [05/10/2008 03:30 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:56 AM]
"HyperIM"="C:\Program Files\HyperIM\HyperIM.exe" [11/19/2007 01:23 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [03/12/2007 01:49 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kenalama^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\Kenalama\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
"C:\Program Files\DAP\DAP.EXE" /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"VideoAcceleratorService"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"High Definition Audio Property Page Shortcut"=HDAShCut.exe
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"CorelDRAW Graphics Suite 11b"=C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=041608 serial=DR12WUT-6352011-PUX lang=EN

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{167c6628-3962-11dd-9019-0015e9f05bb5}]
AutoRun\command- wscript.exe Thumbs.vbs
explore\Command- Explorer.exe
open\Command- wscript.exe Thumbs.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e210b44-00e7-11dd-8fba-0015f232643c}]
AutoRun\command- H:\end/wiii.bmp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f5dfce0-234c-11dd-8fef-0015e9f05bb5}]
AutoRun\command- I:\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74de3e68-0581-11dd-8fbd-0015f232643c}]
AutoRun\command- H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74de3e6a-0581-11dd-8fbd-0015f232643c}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL    .exe
open\command-    .exe




-- End of Deckard's System Scanner: finished at 2008-07-07 01:05:52 ------------


------extra.txt------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 61%
Physical Memory (total/avail): 1023.23 MiB / 393.94 MiB
Pagefile Memory (total/avail): 2461.84 MiB / 1912.9 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1918.39 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 25 GiB total, 5.66 GiB free.
D: is Fixed (NTFS) - 40 GiB total, 2.54 GiB free.
E: is Fixed (NTFS) - 40 GiB total, 0.89 GiB free.
F: is Fixed (NTFS) - 44.03 GiB total, 1.08 GiB free.
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3160021A - 149.05 GiB - 4 partitions
\PARTITION0 (bootable) - Installable File System - 25 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 124.04 GiB - D: - E: - F:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
UpdatesDisableNotify is set.

FW: ESET Personal firewall v3.0.645.0 (ESET, spol. s r. o.)
FW: ZoneAlarm Pro Firewall v7.0.470.000 (Check Point, LTD.)
AV: ESET Smart Security 3.0 v3.0 (ESET, spol. s r. o.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"="C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Internet Download Manager\\IDMan.exe"="C:\\Program Files\\Internet Download Manager\\IDMan.exe:*:Enabled:Internet Download Manager (IDM)"
"C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"="C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Gamenext\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Program Files\\Gamenext\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"="C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe:*:Enabled:Autodesk 3ds Max 9 32-bit"
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"="C:\\Program Files\\Autodesk\\Backburner\\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"="C:\\Program Files\\Autodesk\\Backburner\\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"="C:\\Program Files\\Autodesk\\Backburner\\server.exe:*:Enabled:backburner 2.3 server"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Kenalama\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Kenalama
INCLUDE=C:\WINDOWS\watcom-1.3\h;C:\WINDOWS\watcom-1.3\h\nt;C:\WINDOWS\watcom-1.3\maple\include
KMP_DUPLICATE_LIB_OK=TRUE
LOGONSERVER=\\MOP
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\watcom-1.3\binnt;C:\WINDOWS\watcom-1.3\binw;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\BINN;C:\Program Files\Autodesk\Backburner\;C:\Program Files\Common Files\Autodesk Shared\;C:\BC5\BIN;;C:\Program Files\Common Files\Ahead\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0409
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Kenalama\LOCALS~1\Temp
TMP=C:\DOCUME~1\Kenalama\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=MOP
USERNAME=Kenalama
USERPROFILE=C:\Documents and Settings\Kenalama
WATCOM=C:\WINDOWS\watcom-1.3
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Kenalama (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3dsmax ancillary install --> MsiExec.exe /I{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}
ACDSee 8 --> MsiExec.exe /I{AE80641A-0C8D-4670-A518-B4EC154B1027}
Acoustica Audio Converter Pro --> C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
Adobe Acrobat 7.0 Professional --> msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Alkitab 2.40 --> C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\Alkitab 2.40\ST5UNST.LOG"
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
Autodesk 3ds Max 9 32-bit --> MsiExec.exe /I{E96D4088-AAC5-437F-9E39-EC0E387897B4}
Autodesk DWF Viewer 7 --> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
Backburner --> MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
Borland C++ 5.0 --> C:\WINDOWS\BC5RMV.EXE C:\BC5\BC5RMV.LOG
Chinese Simplified Fonts Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-2447-0000-800000000003}
Cisco Networking Academy curriculum 4.0.0.0 --> "C:\CISCO_CCNA\unins000.exe"
Concise Oxford English Dictionary (Eleventh Edition) --> C:\Program Files\COED11\Uninstal.exe
CorelDRAW Graphics Suite 12 --> MsiExec.exe /I{505AFDC0-5E72-4928-8368-5DEA385E3647}
CyberLink PowerDVD 8 --> "C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\Setup.exe" /z-uninstall
Dev-C++ 5 beta 9 release (4.9.9.2) --> "C:\WINDOWS\Dev-Cpp\uninstall.exe"
Download Accelerator Plus (DAP) --> C:\PROGRA~1\DAP\DAPREMOVE.EXE
ESET Smart Security --> MsiExec.exe /I{6ECB944F-D027-4E8A-9906-70E77C005AD5}
FBX Plugin 2006.08 for Max 9.0 --> C:\Program Files\Autodesk\FBX\FbxPlugins\2006.08\Max90\Uninstall.exe
Ferryman --> "C:\Program Files\Gamenext\Ferryman\Uninstall.exe" "C:\Program Files\Gamenext\Ferryman\install.log"
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HyperIM 2.14 --> "C:\Program Files\HyperIM\uninstall.exe"
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
Internet Download Manager --> C:\Program Files\Internet Download Manager\Uninstall.exe
J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Codec Pack 3.5.7 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Macromedia Dreamweaver MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash Player 8 --> MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
Maple 10 --> "C:\Program Files\Maple 10\Uninstall_Maple 10\Uninstall Maple 10.exe"
Maxthon2 Browser (remove only) --> C:\Program Files\Maxthon2\MaxthonUINST.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Project Professional 2003 --> MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microsoft SQL Server\MSSQL\Uninst.isu" -c"C:\Program Files\Microsoft SQL Server\MSSQL\sqlsun.dll" -msql.mif i=MSSQLSERVER
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 Ultra Edition --> MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Opera 9.50 --> MsiExec.exe /X{70B96CD0-FDF2-489E-8FA0-0F92ED599368}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Unlocker 1.8.6 --> C:\Program Files\Unlocker\uninst.exe
Wallpaper Calendar --> C:\WINDOWS\iun6002.exe "C:\Program Files\zepsoft\Wallpaper Calendar\irunin.ini"
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Rights Management Client Backwards Compatibility SP2 --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2 --> MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
xp-AntiSpy 3.95 --> C:\Program Files\xp-AntiSpy\Uninstall.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
ZoneAlarm Pro --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type3998 / Error
Event Submitted/Written: 07/06/2008 11:32:05 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type3989 / Success
Event Submitted/Written: 07/06/2008 08:47:08 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type3983 / Warning
Event Submitted/Written: 07/06/2008 08:42:02 PM
Event ID/Source: 19011 / MSSQLServer
Event Description:
SuperSocket info: (SpnRegister) : Error 1355.

Event Record #/Type3960 / Success
Event Submitted/Written: 07/05/2008 09:07:51 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type3955 / Warning
Event Submitted/Written: 07/05/2008 09:04:23 PM
Event ID/Source: 19011 / MSSQLServer
Event Description:
SuperSocket info: (SpnRegister) : Error 1355.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type11731 / Error
Event Submitted/Written: 07/06/2008 11:00:46 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Messenger Sharing Folders USN Journal Reader service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type11730 / Warning
Event Submitted/Written: 07/06/2008 10:55:38 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type11724 / Error
Event Submitted/Written: 07/06/2008 08:47:02 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Computer Browser service terminated with the following error:
%%1460

Event Record #/Type11722 / Error
Event Submitted/Written: 07/06/2008 08:46:13 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The NMIndexingService service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type11698 / Error
Event Submitted/Written: 07/05/2008 09:09:22 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Computer Browser service terminated with the following error:
%%1460



-- End of Deckard's System Scanner: finished at 2008-07-07 01:05:52 ------------

Edited by kenalama, 06 July 2008 - 01:40 PM.


BC AdBot (Login to Remove)

 


#2 kenalama

kenalama
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:46 PM

Posted 09 July 2008 - 02:50 PM

:thumbsup:

hello ?

:)

#3 ken545

ken545

    Malware Response Team


  • Malware Response Team
  • 1,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:07:46 PM

Posted 28 July 2008 - 01:00 PM

Hello kenalama

Welcome to the Bleeping Computer Malware Removal Forum, sorry for the delay in responding, but the amount of people posting with infected computers is through the roof and we sometimes can't get to logs as fast as we would like to. If you have not resolved this issue and still need assistance, post a new HJT log as your system may have changed since your original post.

By replying to your own post, you removed yourself from the Zero replies category that our helpers look for to work logs, thats why your post was not answered in a timely manor

Post a new Hijackthis log and please do not edit any part of it out.

mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



donate.gif Please consider a donation to help me keep up my fight against malware.

 

Just a reminder that threads will be closed if no response in 3 days


#4 ken545

ken545

    Malware Response Team


  • Malware Response Team
  • 1,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:07:46 PM

Posted 05 August 2008 - 05:03 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.

mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



donate.gif Please consider a donation to help me keep up my fight against malware.

 

Just a reminder that threads will be closed if no response in 3 days





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users