
Uninstalled Antispywaremaster Is Computer Clean?


2 replies to this topic

#1 chronk

Posted 15 July 2008 - 07:14 PM

Windows XP Pro
Service Pack 2
Dell Dimension 5100
Pentium 4 2.8 GHZ
1 GB RAM

Am downloading java jre 6u7
Will run Kaspersky scan if need to

Where do I download Hijackthis, I believe there are a couple of sources
am not sure what bleeping computer's preference is.

Thank You,

Chronk

OK, by now I have read further down the read first list.
I see that DSS will download Hijackthis
Will post as soon as I can.
Thanks,
Chronk

Kaspersky Scan Results:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, July 15, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, July 15, 2008 20:18:26
Records in database: 957114
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:
C:
D:
E:
F:

Scan statistics:
Files scanned: 87173
Threat name: 1
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 01:38:35


File name / Threat name / Threats count
C:RECYCLERS-1-5-21-3602185497-406380827-3588901769-1008Dc38Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:RECYCLERS-1-5-21-3602185497-406380827-3588901769-1008Dc39.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

The selected area was scanned.


=====================================================================
Deckard's Scan Main:
Deckard's System Scanner v20071014.68
Run by User Name on 2008-07-15 21:51:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-07-16 02:51:52 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-15 21:54:54
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:WINDOWSsystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesLavasoftAd-Aware 2007aawservice.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesAVGAVG8avgwdsvc.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32PNUpdate.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWebDrivewdService.exe
C:Program FilesAVGAVG8avgrsx.exe
C:WINDOWSexplorer.exe
C:Program FilesScanSoftPaperPortpptd40nt.exe
C:Program FilesVisioneer OneTouchOneTouchMon.exe
C:Program FilesAVGAVG8avgtray.exe
C:Program FilesWindows DefenderMSASCui.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Program FilesMicrosoft ActiveSyncwcescomm.exe
C:Program FilesMicrosoft ActiveSyncrapimgr.exe
C:WINDOWSsystem32wuauclt.exe
C:Documents and SettingsusernameDesktopdss.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLMSoftwareMicrosoftInternet ExplorerSearch,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
F2 - REG:system.ini: UserInit=C:WINDOWSsystem32userinit.exe,C:WINDOWSsystem32iftuyszv.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {0F92B76E-075A-453B-8AC3-B5047FB2829B} - C:Program FilesWindows Media Playerhokewoc66225.dll (file missing)
O2 - BHO: (no name) - {1566E61A-25F6-4CEC-8724-483B59B3225C} - C:WINDOWSsystem32urqOHAQk.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program FilesAVGAVG8avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:WINDOWSsystem32dlatfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_07binssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:Program FilesAVGAVG8avgtoolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program FilesGoogleGoogleToolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier3.0.1225.9868swg.dll
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {D8811437-EAE7-4E41-AA8A-1227B03CB74F} - C:WINDOWSsystem32iifGArsr.dll (file missing)
O2 - BHO: (no name) - {F9DF827A-8FA7-48A3-B268-CA4DB563EA40} - C:WINDOWSsystem32vtUNddee.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program FilesGoogleGoogleToolbar4.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:Program FilesAVGAVG8avgtoolbar.dll
O4 - HKLM..Run: [PaperPort PTD] C:Program FilesScanSoftPaperPortpptd40nt.exe
O4 - HKLM..Run: [IndexSearch] C:Program FilesScanSoftPaperPortIndexSearch.exe
O4 - HKLM..Run: [OneTouch Monitor] C:Program FilesVisioneer OneTouchOneTouchMon.exe
O4 - HKLM..Run: [AVG8_TRAY] C:PROGRA~1AVGAVG8avgtray.exe
O4 - HKLM..Run: [Windows Defender] "C:Program FilesWindows DefenderMSASCui.exe" -hide
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_07binjusched.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKCU..Run: [H/PC Connection Agent] "C:Program FilesMicrosoft ActiveSyncwcescomm.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07binssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:Program FilesMicrosoft ActiveSyncINetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:Program FilesMicrosoft ActiveSyncINetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:Program FilesMicrosoft ActiveSyncINetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSnetwork diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSnetwork diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {240EEE8D-91DB-4D74-A87E-671026601333} (PNUP.Version) - http://lb.officedesklive.com/eolupcli.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} () - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1197657253531
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {C927DDDB-8BE9-4C1B-BDEF-CD60C75A5A05} () - http://lb.officedesklive.com/pnupcli.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program FilesAVGAVG8avgpp.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:Program FilesCommon FilesMicrosoft SharedInformation RetrievalMSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:Program FilesCommon FilesMicrosoft SharedWeb Components10OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:Program FilesCommon FilesMicrosoft SharedWeb Components11OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:Program FilesCommon FilesMicrosoft SharedOFFICE11MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: vtUNddee - C:WINDOWSsystem32vtUNddee.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Aware 2007aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:Program FilesAVGAVG8avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:WINDOWS444.470 service
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:WINDOWSportsv.exe service
O23 - Service: Provision Networks Update Service (PNUpdate) - Provision Networks - C:WINDOWSsystem32PNUpdate.exe
O23 - Service: WebDrive Service (WebDriveService) - South River Technologies, LLC - C:Program FilesWebDrivewdService.exe


--
End of file - 9525 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:windowssystem32driversomci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 MCSTRM - c:windowssystem32driversmcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R2 WebDriveFSD (WebDrive Filesystem Driver) - c:program fileswebdrivewdfsd.sys

S1 scsiportt - c:windowssystem32driversscsiportt.sys (file missing)
S3 NAL (Nal Service ) - c:windowssystem32driversiqvw32.sys <Not Verified; Intel Corporation; Intel® iQVW32.SYS>
S3 sysrest.sys - c:windowssystem32sysrest.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:windowssystem32driverswanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:program filescommon filesapplemobile device supportbinapplemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 PNUpdate (Provision Networks Update Service) - c:windowssystem32pnupdate.exe -run <Not Verified; Provision Networks; Provision Networks Print-IT>
R2 WebDriveService (WebDrive Service) - c:program fileswebdrivewdservice.exe <Not Verified; South River Technologies, LLC; WebDrive>

S2 PlugPlayRPC (Plug and Play (RPC)) - c:windowsportsv.exe service (file missing)
S4 MsSecurity1.209.4 (MsSecurity Updated) - c:windows444.470 service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-15 19:03:26 330 --ah----- C:WINDOWSTasksMP Scheduled Scan.job
2008-04-24 13:34:45 284 --a------ C:WINDOWSTasksAppleSoftwareUpdate.job
2005-09-15 12:06:19 258 --a------ C:WINDOWSTasksISP signup reminder 1.job


-- Files created between 2008-06-15 and 2008-07-15 -----------------------------

2008-07-15 19:17:55 0 d-------- C:Program FilesCommon FilesJava


-- Find3M Report ---------------------------------------------------------------

2008-07-15 19:18:33 0 d-------- C:Program FilesJava
2008-07-15 19:17:55 0 d-------- C:Program FilesCommon Files
2008-07-11 14:34:26 4 --a------ C:WINDOWSsystem32962628
2008-06-10 17:21:31 0 d-------- C:Program FilesWindows Defender
2008-06-10 16:00:39 52736 --a------ C:WINDOWSsystem32blphcg1nj0et77.scr <Not Verified; Peter's Productions; Bugs!>
2008-06-09 09:41:54 2218 --a------ C:WINDOWSsystem32tmp.reg
2008-06-09 09:36:40 0 d-------- C:Documents and SettingsusernameApplication Datashcn1nj0et77
2008-06-09 09:31:53 0 d-------- C:Program FilesLavasoft
2008-06-09 09:29:24 0 d-------- C:Program FilesCommon FilesWise Installation Wizard
2008-06-06 13:28:15 1214 --ahs---- C:WINDOWSsystem32kQAHOqru.ini2
2008-06-06 13:20:54 0 d-------- C:Documents and SettingsusernameApplication DataAVGTOOLBAR
2008-06-06 12:28:18 1557 --ahs---- C:WINDOWSsystem32rsrAGfii.ini2
2008-06-06 12:27:52 0 d-------- C:Program FilesAVG
2008-06-06 10:54:47 11776 --a------ C:WINDOWSsvcinit.exe
2008-06-06 10:54:47 27648 --a------ C:WINDOWSsvchost32.exe
2008-06-06 10:54:47 25856 --a------ C:WINDOWSsistem.exe
2008-06-06 10:54:47 22528 --a------ C:WINDOWSsearchword.dll
2008-06-06 10:54:46 30976 --a------ C:WINDOWSrundll16.exe
2008-06-06 10:54:46 13056 --a------ C:WINDOWSquicken.exe
2008-06-06 10:54:46 29440 --a------ C:WINDOWSqttasks.exe
2008-06-06 10:54:45 13312 --a------ C:WINDOWSmswsc20.dll
2008-06-06 10:54:45 28928 --a------ C:WINDOWSmswsc10.dll
2008-06-06 10:54:45 24064 --a------ C:WINDOWSmsupdate.exe
2008-06-06 10:54:44 14336 --a------ C:WINDOWSmsspi.dll
2008-06-06 10:54:44 25088 --a------ C:WINDOWSmsconfd.dll
2008-06-06 10:54:44 10240 --a------ C:WINDOWSinternet.exe
2008-06-06 10:54:44 26112 --a------ C:WINDOWSinetinf.exe
2008-06-06 10:54:43 8960 --a------ C:WINDOWSiedll.exe
2008-06-06 10:54:43 18944 --a------ C:WINDOWShelpcvs.exe
2008-06-06 10:54:43 24576 --a------ C:WINDOWSgfmnaaa.dll
2008-06-06 10:54:43 32512 --a------ C:WINDOWSfunny.exe
2008-06-06 10:54:42 19968 --a------ C:WINDOWSfunniest.exe
2008-06-06 10:54:42 17152 --a------ C:WINDOWSexplorer32.exe
2008-06-06 10:54:41 18688 --a------ C:WINDOWSexplore.exe
2008-06-06 10:54:41 13056 --a------ C:WINDOWSeditpad.exe
2008-06-06 10:54:41 18432 --a------ C:WINDOWSdnsrelay.dll
2008-06-06 10:54:41 24576 --a------ C:WINDOWSdirectx32.exe
2008-06-06 10:54:41 29440 --a------ C:WINDOWSctrlpan.dll
2008-06-06 10:54:41 12288 --a------ C:WINDOWSctfmon32.exe
2008-06-06 10:33:57 4 --a------ C:WINDOWSsystem32hljwugsf.bin
2008-05-19 14:49:21 0 --a------ C:WINDOWSsystem32Biport
2008-05-06 17:53:02 155740 --a------ C:WINDOWSsystem32pnuprdp.dll <Not Verified; Provision Networks; Provision Networks Print-IT>
2008-05-06 17:52:54 159835 --a------ C:WINDOWSsystem32pnupica6.dll <Not Verified; Provision Networks; Provision Networks Print-IT>
2008-05-06 17:52:04 565340 --a------ C:WINDOWSsystem32pnupclnt.exe <Not Verified; Provision Networks; Provision Networks Print-IT>
2008-05-06 17:51:50 2015232 --a------ C:WINDOWSsystem32pnupclnt.dll <Not Verified; Provision Networks; Provision Networks Print-IT>
2008-05-06 17:50:20 282715 --a------ C:WINDOWSsystem32pnupver.dll <Not Verified; Provision Networks; Provision Networks Print-IT>
2008-05-06 17:50:12 315482 --a------ C:WINDOWSsystem32pnupspl.dll <Not Verified; Provision Networks; Provision Networks Print-IT>
2008-05-06 17:49:50 32768 --a------ C:WINDOWSsystem32PNUpdate.exe <Not Verified; Provision Networks; Provision Networks Print-IT>
2008-05-06 17:45:14 94208 --a------ C:WINDOWSsystem32pntray.exe <Not Verified; Provision Networks; Provision Networks PNTray>
2008-05-06 17:45:12 90112 --a------ C:WINDOWSsystem32pntray.dll <Not Verified; Provision Networks; Provision Networks PNTray>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE~Browser Helper Objects{0F92B76E-075A-453B-8AC3-B5047FB2829B}]
C:Program FilesWindows Media Playerhokewoc66225.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{1566E61A-25F6-4CEC-8724-483B59B3225C}]
C:WINDOWSsystem32urqOHAQk.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{A057A204-BACC-4D26-9990-79A187E2698E}]
06/06/2008 12:28 2050816 --a------ C:PROGRA~1AVGAVG8AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE~Browser Helper Objects{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{D8811437-EAE7-4E41-AA8A-1227B03CB74F}]
C:WINDOWSsystem32iifGArsr.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{F9DF827A-8FA7-48A3-B268-CA4DB563EA40}]
C:WINDOWSsystem32vtUNddee.dll

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:PROGRA~1AVGAVG8AVGTOO~1.DLL [06/06/2008 12:28 2050816]

[-HKEY_CLASSES_ROOTCLSID{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOTavgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"PaperPort PTD"="C:Program FilesScanSoftPaperPortpptd40nt.exe" [03/12/2004 21:09]
"IndexSearch"="C:Program FilesScanSoftPaperPortIndexSearch.exe" [03/12/2004 21:17]
"OneTouch Monitor"="C:Program FilesVisioneer OneTouchOneTouchMon.exe" [08/18/2003 08:12]
"AVG8_TRAY"="C:PROGRA~1AVGAVG8avgtray.exe" [06/06/2008 12:27]
"Windows Defender"="C:Program FilesWindows DefenderMSASCui.exe" [11/03/2006 19:20]
"SunJavaUpdateSched"="C:Program FilesJavajre1.6.0_07binjusched.exe" [06/10/2008 04:27]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [08/04/2004 05:00]
"swg"="C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [06/12/2007 08:37]
"H/PC Connection Agent"="C:Program FilesMicrosoft ActiveSyncwcescomm.exe" [11/13/2006 13:39]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
"{F9DF827A-8FA7-48A3-B268-CA4DB563EA40}"= C:WINDOWSsystem32vtUNddee.dll [ ]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogon]
"Userinit"="C:WINDOWSsystem32userinit.exe,C:WINDOWSsystem32iftuyszv.exe,"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyvtUNddee]
vtUNddee.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
"Authentication Packages"= msv1_0 C:WINDOWSsystem32urqOHAQk

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalaawservice]
@="Service"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartupAdobe Reader Speed Launch.lnk
backup=C:WINDOWSpssAdobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartupQuickBooks Update Agent.lnk
backup=C:WINDOWSpssQuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDVDLauncher]
"C:Program FilesCyberLinkPowerDVDDVDLauncher.exe"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregEFI Job Monitor]
C:WINDOWSsystem32rundll32.exe C:WINDOWSSystem32spoolDRIVERSW32X863efjm.dll,run

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregH/PC Connection Agent]
"C:Program FilesMicrosoft ActiveSyncwcescomm.exe"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregISUSPM Startup]
C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
"C:Program FilesQuickTimeQTTask.exe" -atboottime

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSigmatelSysTrayApp]
stsystra.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]
C:Program FilesJavaj2re1.4.2_03binjusched.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTkBellExe]
"C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregupdateMgr]
C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupreg{9f17a845-47fe-2163-36ec-73b0fa07a833}]
C:WINDOWSSystem32Rundll32.exe "C:WINDOWSsystem32{20950fac-8324-2a9f-62c4-9d846dbac214}.dll" DllStart

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
"MsSecurity1.209.4"=2 (0x2)
"IDriverT"=3 (0x3)



-- End of Deckard's System Scanner: finished at 2008-07-15 21:55:43 ------------

=========================================================
Deckard's Extra

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
CPU 1: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 32%
Physical Memory (total/avail): 1014.07 MiB / 686.66 MiB
Pagefile Memory (total/avail): 2438.18 MiB / 2102.18 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.86 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 71.04 GiB total, 33.27 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (FAT32)

.PHYSICALDRIVE0 - ST380013AS - 74.5 GiB - 3 partitions
PARTITION0 - Unknown - 31.35 MiB
PARTITION1 (bootable) - Installable File System - 71.04 GiB - C:
PARTITION2 - Unknown - 3.42 GiB

.PHYSICALDRIVE1 - SanDisk U3 Cruzer Micro USB Device - 3.82 GiB - 1 partition
PARTITION0 (bootable) - Unknown - 3.83 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLMSystemCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]
"C:Program FilesCommon FilesAOLACSAOLacsd.exe"="C:Program FilesCommon FilesAOLACSAOLacsd.exe:*:Enabled:AOL"
"C:Program FilesCommon FilesAOLACSAOLDial.exe"="C:Program FilesCommon FilesAOLACSAOLDial.exe:*:Enabled:AOL"
"C:Program FilesAmerica Online 9.0waol.exe"="C:Program FilesAmerica Online 9.0waol.exe:*:Enabled:AOL"
"C:Program FilesBonjourmDNSResponder.exe"="C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour"
"C:Program FilesRealRealPlayerrealplay.exe"="C:Program FilesRealRealPlayerrealplay.exe:*:Enabled:RealPlayer"
"C:Program FilesInternet ExplorerIEXPLORE.EXE"="C:Program FilesInternet ExplorerIEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:WINDOWSsystem32sessmgr.exe"="C:WINDOWSsystem32sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:Program FilesiTunesiTunes.exe"="C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes"
"C:Program FilesMicrosoft ActiveSyncrapimgr.exe"="C:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:Program FilesMicrosoft ActiveSyncwcescomm.exe"="C:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:Program FilesMicrosoft ActiveSyncWCESMgr.exe"="C:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLMSystemCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:Program FilesCommon FilesAOLACSAOLacsd.exe"="C:Program FilesCommon FilesAOLACSAOLacsd.exe:*:Enabled:AOL"
"C:Program FilesCommon FilesAOLACSAOLDial.exe"="C:Program FilesCommon FilesAOLACSAOLDial.exe:*:Enabled:AOL"
"C:Program FilesAmerica Online 9.0waol.exe"="C:Program FilesAmerica Online 9.0waol.exe:*:Enabled:AOL"
"C:Program FilesKodakKODAK Software Updater7288971ProgramKodak Software Updater.exe"="C:Program FilesKodakKODAK Software Updater7288971ProgramKodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:Program FilesMicrosoft ActiveSyncrapimgr.exe"="C:Program FilesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:Program FilesMicrosoft ActiveSyncwcescomm.exe"="C:Program FilesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:Program FilesMicrosoft ActiveSyncWCESMgr.exe"="C:Program FilesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:Program FilesiTunesiTunes.exe"="C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes"
"C:WINDOWSLMI15A.tmplmi_rescue.exe"="C:WINDOWSLMI15A.tmplmi_rescue.exe:*:Enabled:LogMeIn Rescue"
"C:WINDOWSLMIB.tmplmi_rescue.exe"="C:WINDOWSLMIB.tmplmi_rescue.exe:*:Enabled:LogMeIn Rescue"
"C:WINDOWSLMI314.tmplmi_rescue.exe"="C:WINDOWSLMI314.tmplmi_rescue.exe:*:Disabled:LogMeIn Rescue"
"C:WINDOWSLMI315.tmplmi_rescue.exe"="C:WINDOWSLMI315.tmplmi_rescue.exe:*:Disabled:LogMeIn Rescue"
"C:WINDOWSLMI1D.tmplmi_rescue.exe"="C:WINDOWSLMI1D.tmplmi_rescue.exe:*:Enabled:LogMeIn Rescue"
"C:Program FilesAVGAVG8avgupd.exe"="C:Program FilesAVGAVG8avgupd.exe:*:Enabled:avgupd.exe"
"C:WINDOWSLMI5.tmplmi_rescue.exe"="C:WINDOWSLMI5.tmplmi_rescue.exe:*:Enabled:LogMeIn Rescue"
"C:Documents and SettingsusernameLocal SettingsTemp.tt8.tmp"="C:Documents and SettingsusernameLocal SettingsTemp.tt8.tmp:*:Enabled:enable"
"C:WINDOWSLMIB9.tmplmi_rescue.exe"="C:WINDOWSLMIB9.tmplmi_rescue.exe:*:Enabled:LogMeIn Rescue"
"C:Program FilesJamBase Rhapsodyrhapsody.exe"="C:Program FilesJamBase Rhapsodyrhapsody.exe:*:Enabled:Rhapsody Media Player"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:Documents and SettingsAll Users
APPDATA=C:Documents and SettingsUsernameApplication Data
CLASSPATH=.;C:Program FilesJavaj2re1.4.2_03libextQTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:Program FilesCommon Files
COMPUTERNAME=DSKTOP26
ComSpec=C:WINDOWSsystem32cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=Documents and Settingsusername
LOGONSERVER=DSKTOP26
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:WINDOWSsystem32;C:WINDOWS;C:WINDOWSSystem32Wbem;C:Program FilesIntelDMIX;C:Program FilesQuickTimeQTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:Program Files
PROMPT=$P$G
QTJAVA=C:Program FilesJavaj2re1.4.2_03libextQTJava.zip
SESSIONNAME=Console
SonicCentral=C:Program FilesCommon FilesSonic SharedSonic Central
SystemDrive=C:
SystemRoot=C:WINDOWS
TEMP=C:DOCUME~1MAUREE~1LOCALS~1Temp
TMP=C:DOCUME~1MAUREE~1LOCALS~1Temp
USERDOMAIN=DSKTOP26
USERNAME=username
USERPROFILE=C:Documents and Settingsusername
windir=C:WINDOWS


-- User Profiles ---------------------------------------------------------------

username.abcd (admin)
administrator.abcd (admin)
username2 (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:Program FilesCommon FilesRealUpdate_OBr1puninst.exe RealNetworks|RealPlayer|6.0
--> C:WINDOWSIsUninst.exe -fC:WINDOWSorun32.isu
--> C:WINDOWSsystem32MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:WINDOWSsystem32MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:WINDOWSsystem32MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:WINDOWSsystem32MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:WINDOWSsystem32MacromedFlashFlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AVG Free 8.0 --> C:Program FilesAVGAVG8setup.exe /UNINSTALL
AXIS Media Control Embedded --> C:Program FilesAxis CommunicationsAXIS Media Control Embeddedsetup.exe setup.rem remove
AXIS Media Control Embedded Installer --> MsiExec.exe /I{FD727056-F0C4-4811-9688-9EBF450D22C4}
Canon IXY 200a, PowerShot S200, IXUS v2 WIA Driver --> C:WINDOWSIsUninst.exe -f"C:Program FilesCanonIXY200A PSS200 IXUSV2 WIAUninst.isu" -c"C:Program FilesCanonIXY200A PSS200 IXUSV2 WIAUNSTE116.dll"
Canon PhotoRecord --> C:WINDOWSIsUninst.exe -f"C:Program FilesCanonPhotoRecordUninst.isu" -c"C:Program FilesCanonPhotoRecordProgramuninstdll.dll"
Canon Utilities PhotoStitch 3.1 --> C:WINDOWSIsUninst.exe -f"C:Program FilesCanonPhotoStitchUninst.isu"
Canon Utilities RAW Image Converter2 --> C:WINDOWSIsUninst.exe -f"C:Program FilesCanonRAW Image Converter2Uninst.isu"
Canon Utilities RemoteCapture 2.4 --> C:WINDOWSIsUninst.exe -f"C:Program FilesCanonRemoteCaptureUninst.isu"
Canon Utilities ZoomBrowser EX --> C:WINDOWSIsUninst.exe -f"C:Program FilesCanonZoomBrowser EXUninst.isu" -c"C:Program FilesCanonZoomBrowser EXProgramuninstallutilities.dll"
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Picture Studio v3.0 --> MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:program filesgooglegoogletoolbar4.dll"
High Definition Audio Driver Package - KB835221 --> C:WINDOWS$NtUninstallKB835221WXP$spuninstspuninst.exe
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:WINDOWS$NtUninstallKB929399$spuninstspuninst.exe"
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:WINDOWSsystem32ialmrem.dll,UninstallW2KIGfx2ID PCIVEN_8086&DEV_2776 PCIVEN_8086&DEV_2772
Intel® PRO Network Connections Software v9.2.4.11 --> C:Program FilesIntelDMIXuninstDxSetup.exe /x /qr /le C:DOCUME~1ADMINI~1LOCALS~1TempPROSetDXDMIXDxUninst.log
Intel® PROSafe for Wired Connections --> MsiExec.exe /I{36BD0774-6CD6-4FF9-A148-83CA09AC123E}
Intel® PROSafe for Wired Connections --> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iPod for Windows 2005-09-23 --> C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033
iPod for Windows 2006-01-10 --> C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iPod for Windows 2006-06-28 --> C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
iPod Updater 2004-11-15 --> C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{06E73C0B-7DE7-4F41-860B-587033B75BD9} /l1033
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
JamBase Rhapsody --> C:PROGRA~1JAMBAS~1Unwise32.exe /A C:PROGRA~1JAMBAS~1install.log
Jasc Paint Shop Photo Album 5 --> MsiExec.exe /I{4192EAC0-6B36-4723-B216-D0E86E7757AC}
Jasc Paint Shop Pro Studio, Dell Editon --> MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Office Basic Edition 2003 --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:WINDOWS$NtUninstallWudf01000$spuninstspuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Motorola Driver Installation --> MsiExec.exe /I{70CCD7C5-39E3-40C4-92CB-0A4281CE3B99}
PaperPort --> MsiExec.exe /I{88D577B1-3E9D-4281-BD99-9107669CE4ED}
PowerDVD 5.5 --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}setup.exe" -uninstall
Print-IT Client 5.9 --> MsiExec.exe /I{51E8F381-F020-41FC-BD6C-F4A579D8945E}
Qualxserve Service Agreement --> MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickBooks Simple Start Special Edition --> msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start Special Edition" ADDREMOVE=1
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:Program FilesCommon FilesRealUpdate_OBr1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:WINDOWS$NtUninstallKB898458$spuninstspuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:WINDOWS$NtUninstallKB923723$spuninstspuninst.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Viewpoint Media Player --> C:Program FilesViewpointViewpoint Experience TechnologymtsAxInstaller.exe /u
Visioneer OneTouch 9320 --> C:PROGRA~1VISION~1UNWISE.EXE C:PROGRA~1VISION~1INSTALL.LOG
WebDrive --> MsiExec.exe /X{F08E87FD-F62B-4BAC-A2D6-A94755653F30}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Media Format 11 runtime --> "C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe"
WinRAR archiver --> C:Program FilesWinRARuninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type7532 / Warning
Event Submitted/Written: 07/15/2008 07:00:45 PM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{6295DF2D-35EE-11D1-8707-00C04FD93327}. CoGetObject returned HRESULT 8000401A.

Event Record #/Type7531 / Warning
Event Submitted/Written: 07/15/2008 07:00:41 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type7530 / Warning
Event Submitted/Written: 07/15/2008 07:00:41 PM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Event Record #/Type7526 / Warning
Event Submitted/Written: 07/15/2008 06:59:27 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type7523 / Warning
Event Submitted/Written: 07/15/2008 06:06:43 PM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{6295DF2D-35EE-11D1-8707-00C04FD93327}. CoGetObject returned HRESULT 8000401A.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type22277 / Warning
Event Submitted/Written: 07/15/2008 09:55:16 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%DSKTOP2627 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DSKTOP2627 can't undo changes that you allow.

For more information please see the following:
%DSKTOP26275

Scan ID: {E2555179-4B4D-4F0E-AF63-7E2F5D0572BE}

User: DSKTOPusername

Name: %DSKTOP26271

ID: %DSKTOP26272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %DSKTOP26276

Alert Type: %DSKTOP26278

Detection Type: 1.1.1593.02

Event Record #/Type22276 / Warning
Event Submitted/Written: 07/15/2008 09:55:16 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%DSKTOP2627 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DSKTOP2627 can't undo changes that you allow.

For more information please see the following:
%DSKTOP26275

Scan ID: {90F0B7DF-4A90-4F21-82DB-28300D0EC8C7}

User: DSKTOPusername

Name: %DSKTOP26271

ID: %DSKTOP26272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %DSKTOP26276

Alert Type: %DSKTOP26278

Detection Type: 1.1.1593.02

Event Record #/Type22225 / Error
Event Submitted/Written: 07/15/2008 06:02:25 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.20.137 for the Network Card with network address 00123F9F6F67 has been
denied by the DHCP server 192.168.24.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type22181 / Error
Event Submitted/Written: 07/14/2008 02:12:18 PM
Event ID/Source: 3006 / WinDefend
Event Description:
%DSKTOP2627 Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software.

For more information please see the following:
%DSKTOP26275

Scan ID: {5F61F94E-D615-4888-899B-2A22F5324601}

User: DSKTOPusername

Name: %DSKTOP26271

ID: %DSKTOP26272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path: %DSKTOP26276

Alert Type: %DSKTOP26278

Action: 1.1.1593.00

Error Code: 1.1.1593.01

Error description: 1.1.1593.02

Event Record #/Type22180 / Warning
Event Submitted/Written: 07/14/2008 02:11:16 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%DSKTOP2627 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DSKTOP2627 can't undo changes that you allow.

For more information please see the following:
%DSKTOP26275

Scan ID: {1BDE3D06-CF08-4656-8688-44E4672C0B1F}

User: DSKTOPusername

Name: %DSKTOP26271

ID: %DSKTOP26272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %DSKTOP26276

Alert Type: %DSKTOP26278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-07-15 21:55:43 ------------

Missed the hijackthis part of dss
Here is HiJackThis log:

Thanks,

Chronk

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:06:23, on 7/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesLavasoftAd-Aware 2007aawservice.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32PNUpdate.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWebDrivewdService.exe
C:WINDOWSExplorer.EXE
C:Program FilesScanSoftPaperPortpptd40nt.exe
C:Program FilesVisioneer OneTouchOneTouchMon.exe
C:Program FilesWindows DefenderMSASCui.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Program FilesMicrosoft ActiveSyncwcescomm.exe
C:PROGRA~1MI3AA1~1rapimgr.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:PROGRA~1AVGAVG8avgwdsvc.exe
C:PROGRA~1AVGAVG8avgrsx.exe
C:Program FilesAVGAVG8avgtray.exe
C:Program FilesTrend MicroScannerHijackThis.exe

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
F2 - REG:system.ini: UserInit=C:WINDOWSsystem32userinit.exe,C:WINDOWSsystem32iftuyszv.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {0F92B76E-075A-453B-8AC3-B5047FB2829B} - C:Program FilesWindows Media Playerhokewoc66225.dll (file missing)
O2 - BHO: (no name) - {1566E61A-25F6-4CEC-8724-483B59B3225C} - C:WINDOWSsystem32urqOHAQk.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program FilesAVGAVG8avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:WINDOWSsystem32dlatfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_07binssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:PROGRA~1AVGAVG8AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier3.0.1225.9868swg.dll
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {D8811437-EAE7-4E41-AA8A-1227B03CB74F} - C:WINDOWSsystem32iifGArsr.dll (file missing)
O2 - BHO: (no name) - {F9DF827A-8FA7-48A3-B268-CA4DB563EA40} - C:WINDOWSsystem32vtUNddee.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar4.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:PROGRA~1AVGAVG8AVGTOO~1.DLL
O4 - HKLM..Run: [PaperPort PTD] C:Program FilesScanSoftPaperPortpptd40nt.exe
O4 - HKLM..Run: [IndexSearch] C:Program FilesScanSoftPaperPortIndexSearch.exe
O4 - HKLM..Run: [OneTouch Monitor] C:Program FilesVisioneer OneTouchOneTouchMon.exe
O4 - HKLM..Run: [AVG8_TRAY] C:PROGRA~1AVGAVG8avgtray.exe
O4 - HKLM..Run: [Windows Defender] "C:Program FilesWindows DefenderMSASCui.exe" -hide
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_07binjusched.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKCU..Run: [H/PC Connection Agent] "C:Program FilesMicrosoft ActiveSyncwcescomm.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07binssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MI3AA1~1INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MI3AA1~1INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MI3AA1~1INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {240EEE8D-91DB-4D74-A87E-671026601333} (PNUP.Version) - http://lb.officedesklive.com/eolupcli.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1197657253531
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {C927DDDB-8BE9-4C1B-BDEF-CD60C75A5A05} - http://lb.officedesklive.com/pnupcli.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program FilesAVGAVG8avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: vtUNddee - vtUNddee.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Aware 2007aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:PROGRA~1AVGAVG8avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:WINDOWSportsv.exe (file missing)
O23 - Service: Provision Networks Update Service (PNUpdate) - Provision Networks - C:WINDOWSsystem32PNUpdate.exe
O23 - Service: WebDrive Service (WebDriveService) - South River Technologies, LLC - C:Program FilesWebDrivewdService.exe

--
End of file - 8074 bytes

Merged posts. ~ OB

Edited by Orange Blossom, 16 July 2008 - 03:45 PM.




#2 chronk

chronk
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:11 PM

Posted 18 July 2008 - 09:11 AM

Well, my friend wants her computer back, so I looked at some of the self-help info and ran Malwarebytes and then selected to clean all.

First off, I forgot to mention that the computer had pop-up ads popping up constantly in IE.

I found Gooochi Browser Optimizer in Add/Remove and removed that first thing.
Then removed Antispywaremaster following directions from:

http://www.symantec.com/security_response/...-99&tabid=3

Then, after waiting a day or so and reading up on malware removal, I ran Malwarebytes (MBAM), DSS and HJT.


Here is the before:

Malwarebytes' Anti-Malware 1.20
Database version: 960
Windows 5.1.2600 Service Pack 2

5:22:20 PM 7/16/2008
mbam-log-7-16-2008 (17-22-20).txt

Scan type: Quick Scan
Objects scanned: 58788
Time elapsed: 10 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 7
Registry Data Items Infected: 1
Folders Infected: 16
Files Infected: 44

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f9df827a-8fa7-48a3-b268-ca4db563ea40} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f9df827a-8fa7-48a3-b268-ca4db563ea40} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\shcn1nj0et77 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlugPlayRPC (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsSecurity1.209.4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f9df827a-8fa7-48a3-b268-ca4db563ea40} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\105772 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\btz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\expo (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\inet2 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xrem (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Name Witheld\Application Data\shcn1nj0et77 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Name Witheld\Application Data\shcn1nj0et77\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Name Witheld\Application Data\shcn1nj0et77\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Name Witheld\Application Data\shcn1nj0et77\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Name Witheld\Application Data\shcn1nj0et77\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Name Witheld\Application Data\shcn1nj0et77\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Name Witheld\Application Data\shcn1nj0et77\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Name Witheld\Application Data\shcn1nj0et77\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Name Witheld\Application Data\shcn1nj0et77\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Name Witheld\Application Data\shcn1nj0et77\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Name Witheld\Application Data\shcn1nj0et77\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\177.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\17A.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\17F.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\183.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\187.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\18B.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\191.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\195.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\199.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcg1nj0et77.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\explore.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\svchost32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\internet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ctfmon32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ctrlpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\directx32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\dnsrelay.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\editpad.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\Explorer32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\funniest.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\funny.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\gfmnaaa.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\helpcvs.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\iedll.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\inetinf.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msconfd.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msspi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msupdate.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mswsc10.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mswsc20.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\qttasks.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\quicken.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll32.vbe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\searchword.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\sistem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\svcinit.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Install (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\core.cache.dsk (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Name Witheld\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareMaster.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.



And here is the after:

Malwarebytes' Anti-Malware 1.20
Database version: 960
Windows 5.1.2600 Service Pack 2

6:57:51 PM 7/16/2008
mbam-log-7-16-2008 (18-57-51).txt

Scan type: Quick Scan
Objects scanned: 57647
Time elapsed: 14 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

==========================================================
Kaspersky Online Scan also now reports nothing.

I deleted a couple of keys with no name from the HJT log - with DLLs that could not be found.

The original problem was Internet Explorer pop-ups. That is not happening now.

I know you people would have helped and I much appreciate it.

Will check back in if I ever need any help and hopefully have enough time to receive your help.
===========================================================


No more pop-ups, and Kaspersky and MBAM report clean.
My friend wants her computer back so I cannot have anyone look further into this matter after today.

Thanks for all you do!!

Chronk

#3 markamus

markamus

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Alabama
  • Local time:06:11 PM

Posted 04 August 2008 - 02:22 PM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

A pessimist sees the difficulty in every opportunity; an optimist sees the opportunity in every difficulty. - Winston Churchill



