Vundo, Maybe - No Av Sites, Gmail, Etc. Will Load

1 reply to this topic

#1 the420star

  • Members
  • 1 posts

Posted 16 July 2008 - 06:02 PM

I have had pop-ups for Vundo and have removed them. I have also run SDFix in safe mode, and it said it removed stuff, a few cookies and a .dll, but I still cannot access AV or other sites. I am getting worried that I am going to have to reformat. I have attached the required log files. I am running Norton AV and it is up to date. Please let me know if I need to provide more info.

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------



-- System Information ----------------------------------------------------------



Microsoft Windows XP Home Edition (build 2600) SP 3.0

Architecture: X86; Language: English



CPU 0: Intel® Pentium® 4 CPU 3.00GHz

Percentage of Memory in Use: 30%

Physical Memory (total/avail): 2046.09 MiB / 1413.88 MiB

Pagefile Memory (total/avail): 4892.38 MiB / 4327.27 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1925.14 MiB



C: is Fixed (NTFS) - 61.41 GiB total, 26 GiB free.

D: is Fixed (NTFS) - 232.88 GiB total, 132.69 GiB free.

E: is CDROM (No Media)

F: is Removable (FAT)



\\.\PHYSICALDRIVE1 - WDC WD2500JS-19MHB0 - 232.88 GiB - 1 partition

\PARTITION0 - Installable File System - 232.88 GiB - D:



\\.\PHYSICALDRIVE0 - WDC WD800JD-75JNC0 - 74.5 GiB - 5 partitions

\PARTITION0 - Unknown - 54.88 MiB

\PARTITION1 (bootable) - Installable File System - 61.41 GiB - C:

\PARTITION2 - Unknown - 3.2 GiB

\PARTITION3 - Extended Partition - 9.83 GiB



\\.\PHYSICALDRIVE2 - Generic STORAGE DEVICE USB Device - 1937.53 MiB - 1 partition

\PARTITION0 - MS-DOS V4 Huge - 1938.38 MiB - F:







-- Security Center -------------------------------------------------------------



AUOptions is scheduled to auto-install.





-- Environment Variables -------------------------------------------------------



ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\Garrett Lovejoy\Application Data

CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

CLIENTNAME=Console

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=D4FLQT71

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\Garrett Lovejoy

LOGONSERVER=\\D4FLQT71

NUMBER_OF_PROCESSORS=2

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=0403

ProgramFiles=C:\Program Files

PROMPT=$P$G

QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\GARRET~1\LOCALS~1\Temp

TMP=C:\DOCUME~1\GARRET~1\LOCALS~1\Temp

USERDOMAIN=D4FLQT71

USERNAME=Garrett Lovejoy

USERPROFILE=C:\Documents and Settings\Garrett Lovejoy

windir=C:\WINDOWS





-- User Profiles ---------------------------------------------------------------



Garrett Lovejoy (admin)

Administrator (new local, admin)





-- Add/Remove Programs ---------------------------------------------------------



--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL

--> C:\WINDOWS\UNRecode.exe /UNINSTALL

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}

Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}

Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}

Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}

Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}

Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}

AIM 6 --> C:\Program Files\AIM6\uninst.exe

Amazon MP3 Downloader 1.0.3 --> C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe

AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"

AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=

Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}

Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}

ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"

ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"

Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly

Belkin Bulldog Plus --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3D16DAD-1AEE-11D6-B82B-004033AA2C09}\Setup.exe" -l0x9

Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}

CC_ccProxyExt --> MsiExec.exe /I{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}

ccCommon --> MsiExec.exe /I{D8F6834B-D5E7-4451-8681-B051ABD8561D}

ccPxyCore --> MsiExec.exe /I{FC08587A-4F01-4188-819F-F55880022917}

CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}

CutePDF Writer 2.7 --> C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall

Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}

DVD-CLONER V4.50 Build 922 --> "C:\Program Files\Dvd-cloner\unins000.exe"

FrostWire 4.13.2.0 --> C:\Program Files\FrostWire\Uninstall.exe

Handbrake 0.9.2 --> C:\Program Files\Handbrake\uninst.exe

High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe

HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}

Intel Matrix Storage Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\setup.exe" -l0409 -INTELUNINST

Intel® PRO Network Connections Software v9.2.4.11 --> C:\Program Files\Intel\DMIX\uninst\DxSetup.exe /x /qr /le C:\DOCUME~1\Owner\LOCALS~1\Temp\PROSetDX\DMIX\\DxUninst.log

Intel® PROSafe for Wired Connections --> MsiExec.exe /I{36BD0774-6CD6-4FF9-A148-83CA09AC123E}

Intel® PROSafe for Wired Connections --> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}

Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}

iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}

Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}

Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}

KhalInstallWrapper --> MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}

LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE

LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U

Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}

Logitech Harmony Remote Software 7 --> C:\Program Files\InstallShield Installation Information\{5C6F884D-680C-448B-B4C9-22296EE1B206}\setup.exe -runfromtemp -l0x0009 -removeonly

Logitech Legacy USB Camera Driver Package --> "C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\11.00.1217\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"legacyqcam_11.00" /clone_wait /hide_progress

Logitech QuickCam --> MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}

Logitech QuickCam Driver Package --> "C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress

Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly

Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}

MediaMonkey 3.0 --> "C:\Program Files\MediaMonkey\unins000.exe"

Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"

Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}

Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

Motorola Driver Installation --> MsiExec.exe /I{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}

Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly

Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Garrett Lovejoy\Application Data\Move Networks\ie_bin\Uninst.exe

Mozilla Firefox (2.0.0.11) --> C:\progra~1\Mozilla Firefox\uninstall\helper.exe

Mozilla Firefox (3.0) --> C:\program files\Mozilla Firefox 3 Beta 2\uninstall\helper.exe

MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}

MusicBrainz Picard 0.7.2 --> C:\Program Files\MusicBrainz Picard\uninst.exe

MVision --> MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}

Nero 8 --> MsiExec.exe /X{6F8A555E-F2E1-415D-AD8A-67C0A7671033}

neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

Netflix Movie Viewer --> MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}

Norton AntiSpam --> MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}

Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}

Norton AntiVirus 2005 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}

Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}

Norton Internet Security --> MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}

Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}

Norton Internet Security --> MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}

Norton Internet Security --> MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}

Norton Internet Security --> MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}

Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}

Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}

Norton Internet Security --> MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}

Norton Internet Security 2005 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X

Norton Security Center --> MsiExec.exe /X{503AA035-41E2-4858-B31F-1E49AC66C309}

Norton WMI Update --> MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}

Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}

ObjectDock Plus --> C:\PROGRA~1\Stardock\OBJECT~1\objectdock.exe /uninstall

PC Inspector File Recovery --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x9

PC Wizard 2008.1.80 --> "C:\Program Files\PC Wizard 2008\unins000.exe"

PSP ISO Compressor --> MsiExec.exe /X{D47087E7-AA15-4D1D-8C0A-60F7E446D597}

PSP Video 9 2.25 --> C:\Program Files\Red Kawa\Video Converter\uninstaller.exe

Qualxserve Service Agreement --> MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}

Quicken 2008 --> MsiExec.exe /X{3B0F52AC-EF5C-4831-B221-06C782E41280}

QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}

Recover My Files --> "C:\Program Files\GetData\Recover My Files\unins000.exe"

Registry Mechanic 7.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"

Remote Control USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8471021C-F529-43DE-84DF-3612E10F58C4}\setup.exe" -l0x9 -removeonly

Replay AV 8 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Replay AV 8\uninstallRAV8.ini"

Replay Converter 2.8 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Replay AV 8\iruninRCV.ini"

Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"

SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly

Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

SlingPlayer --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{004B0DCB-4C60-465B-8F01-44B0A4111187} /l1033

SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}

Steganos Safe 2007 --> C:\Program Files\Steganos Safe 2007\uninstall.exe

Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}

SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}

TurboTax Deluxe 2007 --> C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui

VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}

Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k

Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u

VNC Free Edition 4.1.2 --> "C:\Program Files\RealVNC\VNC4\unins000.exe"

Warcraft III --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat

WebEx --> C:\PROGRA~1\MOZILL~2\plugins\atcliun.exe

Winamp --> "C:\Program Files\Winamp\UninstWA.exe"

Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe

WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}

Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"

Zune Desktop Theme --> MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}





-- Application Event Log -------------------------------------------------------



Event Record #/Type12378 / Warning

Event Submitted/Written: 07/16/2008 06:36:47 PM

Event ID/Source: 32068 / Microsoft Fax

Event Description:

The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.

Country/region code: '*'

Area code: '*'



Event Record #/Type12377 / Warning

Event Submitted/Written: 07/16/2008 06:36:47 PM

Event ID/Source: 32026 / Microsoft Fax

Event Description:

Fax Service failed to initialize any assigned fax devices (virtual or TAPI).

No faxes can be sent or received until a fax device is installed.



Event Record #/Type12356 / Warning

Event Submitted/Written: 07/16/2008 05:51:03 PM

Event ID/Source: 32068 / Microsoft Fax

Event Description:

The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.

Country/region code: '*'

Area code: '*'



Event Record #/Type12355 / Warning

Event Submitted/Written: 07/16/2008 05:51:03 PM

Event ID/Source: 32026 / Microsoft Fax

Event Description:

Fax Service failed to initialize any assigned fax devices (virtual or TAPI).

No faxes can be sent or received until a fax device is installed.



Event Record #/Type12336 / Warning

Event Submitted/Written: 07/16/2008 05:30:06 PM

Event ID/Source: 32068 / Microsoft Fax

Event Description:

The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.

Country/region code: '*'

Area code: '*'







-- Security Event Log ----------------------------------------------------------



No Errors/Warnings found.





-- System Event Log ------------------------------------------------------------



Event Record #/Type15614 / Error

Event Submitted/Written: 07/16/2008 06:37:01 PM

Event ID/Source: 7023 / Service Control Manager

Event Description:

The System Restore Service service terminated with the following error:

%%2



Event Record #/Type15613 / Warning

Event Submitted/Written: 07/16/2008 06:36:58 PM

Event ID/Source: 825 / Rasman

Event Description:

The Network Access Protection (NAP) enforcement client failed to register with the Network Access Protection Agent (NAPAgent) service. Some network services or resources might not be available. If the problem persists, disconnect and retry the remote access connection or contact the administrator for the remote access server.



Event Record #/Type15612 / Error

Event Submitted/Written: 07/16/2008 06:36:58 PM

Event ID/Source: 10016 / DCOM

Event Description:

The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID

{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.



Event Record #/Type15611 / Error

Event Submitted/Written: 07/16/2008 06:36:38 PM

Event ID/Source: 104 / SRService

Event Description:

The System Restore initialization process failed.



Event Record #/Type15610 / Error

Event Submitted/Written: 07/16/2008 06:35:51 PM / 07/16/2008 06:36:30 PM

Event ID/Source: 55 / Ntfs

Event Description:

The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume D:.







-- End of Deckard's System Scanner: finished at 2008-07-16 18:42:31 ------------


Deckard's System Scanner v20071014.68

Run by Garrett Lovejoy on 2008-07-16 18:40:24

Computer is in Normal Mode.

--------------------------------------------------------------------------------



-- System Restore --------------------------------------------------------------



Failed to create restore point; System Restore is disabled (service is not running).





Backed up registry hives.

Performed disk cleanup.







-- HijackThis (run as Garrett Lovejoy.exe) -------------------------------------



Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:41:31 PM, on 7/16/2008

Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton Internet Security\ISSVC.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Belkin Bulldog Plus\UPS-Service.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Belkin Bulldog Plus\UPS-Status.exe

C:\Program Files\Steganos Safe 2007\SteganosHotKeyService.exe

C:\Program Files\Steganos Safe 2007\SteganosAgent.exe

C:\Program Files\Steganos Safe 2007\fredirstarter.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\program files\mozilla firefox 3 beta 2\firefox.exe

C:\Documents and Settings\Garrett Lovejoy\Desktop\dss.exe

C:\Program Files\Messenger\msmsgs.exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\Garrett Lovejoy.exe

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [UPS-Status] C:\Program Files\Belkin Bulldog Plus\UPS-Status.exe

O4 - HKLM\..\Run: [SAFE2007 HotKeys] C:\Program Files\Steganos Safe 2007\SteganosHotKeyService.exe

O4 - HKLM\..\Run: [SAFE2007 Agent] C:\Program Files\Steganos Safe 2007\SteganosAgent.exe

O4 - HKLM\..\Run: [SAFE2007 File Redirection Starter] C:\Program Files\Steganos Safe 2007\fredirstarter.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [BM3b412c39] Rundll32.exe "C:\WINDOWS\system32\mxdevjsc.dll",s

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c1 -f video -m logitech -d 11.0.0.1217 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c1 -f video -m logitech -d 11.0.0.1217 (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212444302093

O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://www.shockwave.com/content/weddingda...sh.1.0.0.47.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Unknown owner - C:\Program Files\Belkin Bulldog Plus\UPS-Service.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe



--

End of file - 10836 bytes



-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------



backup-20080716-001152-654 O20 - Winlogon Notify: ssqNDVNg - ssqNDVNg.dll (file missing)

backup-20080716-001217-304 O2 - BHO: (no name) - {D840C416-7AFD-4026-8C0F-8303737287CB} - C:\WINDOWS\system32\hgGaywXR.dll

backup-20080716-001217-524 O2 - BHO: (no name) - {D7F9DF29-7A42-4910-9481-B8838CFDD266} - C:\WINDOWS\system32\ssqNDVNg.dll (file missing)

backup-20080716-001237-347 O2 - BHO: (no name) - {D840C416-7AFD-4026-8C0F-8303737287CB} - C:\WINDOWS\system32\hgGaywXR.dll

backup-20080716-001305-897 O2 - BHO: {794dd10a-5ae6-29fa-b2e4-599225550090} - {09005552-2995-4e2b-af92-6ea5a01dd497} - C:\WINDOWS\system32\vxhcnp.dll

backup-20080716-001332-285 O2 - BHO: (no name) - {D840C416-7AFD-4026-8C0F-8303737287CB} - C:\WINDOWS\system32\hgGaywXR.dll

backup-20080716-001600-160 O2 - BHO: (no name) - {D840C416-7AFD-4026-8C0F-8303737287CB} - C:\WINDOWS\system32\hgGaywXR.dll

backup-20080716-002239-217 O2 - BHO: (no name) - {D840C416-7AFD-4026-8C0F-8303737287CB} - C:\WINDOWS\system32\hgGaywXR.dll (file missing)

backup-20080716-002326-297 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

backup-20080716-003319-428 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local



-- File Associations -----------------------------------------------------------



.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*





-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------



R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>

R1 SLEE_14_DRIVER (Steganos Live Encryption Engine 14 [Driver]) - c:\windows\system32\drivers\sleen14.sys <Not Verified; Softwareentwicklung Remus - ArchiCrypt; ArchiCrypt Live Engine>

R2 LBeepKE - c:\windows\system32\drivers\lbeepke.sys <Not Verified; Logitech, Inc.; Logitech SetPoint™>



S1 ATITool (ATITool Overclocking Utility) - c:\windows\system32\drivers\atitool.sys <Not Verified; ; Low-Level Driver>

S3 catchme - c:\docume~1\garret~1\locals~1\temp\catchme.sys (file missing)

S3 NPF (WinPcap Packet Driver (NPF)) - c:\windows\system32\drivers\npf.sys (file missing)

S3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys (file missing)

S3 SecBulk (SECBULK.sys, SEC SOC USBD Driver) - c:\windows\system32\drivers\secbulk.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

S4 sr (System Restore Filter Driver) - c:\windows\\systemroot\system32\drivers\sr.sys (file missing)





-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------



R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

R2 UPSentry_Smart (UPS - UPSentry Service) - "c:\program files\belkin bulldog plus\ups-service.exe"



S4 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>

S4 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe

S4 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>





-- Device Manager: Disabled ----------------------------------------------------



Class GUID: TI Technologies Inc.

Description: RADEON X300 SE 128MB HyperMemory Secondary

Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_06031002&REV_00\4&1A646D2D&0&0108

Manufacturer: ATI Technologies Inc.

Name: RADEON X300 SE 128MB HyperMemory Secondary

PNP Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_06031002&REV_00\4&1A646D2D&0&0108

Service: ati2mtag





-- Scheduled Tasks -------------------------------------------------------------



2008-07-16 06:40:42 568 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Garrett Lovejoy.job

2008-07-03 13:51:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job





-- Files created between 2008-06-16 and 2008-07-16 -----------------------------



2008-07-16 17:39:11 0 d-------- C:\WINDOWS\ERUNT

2008-07-16 00:09:51 0 d-------- C:\Program Files\Trend Micro

2008-07-15 23:36:54 78848 --a------ C:\WINDOWS\system32\ykitsomd.dll

2008-07-15 23:34:44 103936 --a------ C:\WINDOWS\system32\wthkxybt.dll

2008-07-15 23:34:36 92160 --a------ C:\WINDOWS\system32\mxdevjsc.dll

2008-07-15 22:43:11 0 d-------- C:\WINDOWS\pss

2008-07-14 22:12:01 0 d-------- C:\Program Files\Lavasoft

2008-07-14 22:12:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-07-14 22:11:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-07-14 21:05:25 102400 --a------ C:\WINDOWS\system32\cdgcrp.dll

2008-07-14 21:05:23 102400 --a------ C:\WINDOWS\system32\nfmtaoep.dll

2008-07-14 21:03:17 102400 --a------ C:\WINDOWS\system32\bthpje.dll

2008-07-14 21:03:16 102400 --a------ C:\WINDOWS\system32\sasqcrsq.dll

2008-07-14 21:03:08 0 --a------ C:\WINDOWS\system32\iakgwdfw.dll

2008-07-07 22:45:24 0 --a------ C:\WINDOWS\system32\niibqd.dll

2008-07-07 22:45:23 0 --a------ C:\WINDOWS\system32\taeebxnc.dll

2008-07-06 22:41:20 724678 --ahs---- C:\WINDOWS\system32\RXwyaGgh.ini2

2008-07-06 21:38:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla

2008-07-06 21:37:26 0 d--h----- C:\Documents and Settings\Administrator\Templates

2008-07-06 21:37:26 0 dr------- C:\Documents and Settings\Administrator\Start Menu

2008-07-06 21:37:26 0 dr-h----- C:\Documents and Settings\Administrator\SendTo

2008-07-06 21:37:26 0 dr-h----- C:\Documents and Settings\Administrator\Recent

2008-07-06 21:37:26 0 d--h----- C:\Documents and Settings\Administrator\PrintHood

2008-07-06 21:37:26 0 d--h----- C:\Documents and Settings\Administrator\NetHood

2008-07-06 21:37:26 0 dr------- C:\Documents and Settings\Administrator\My Documents

2008-07-06 21:37:26 0 d--h----- C:\Documents and Settings\Administrator\Local Settings

2008-07-06 21:37:26 0 dr------- C:\Documents and Settings\Administrator\Favorites

2008-07-06 21:37:26 0 d-------- C:\Documents and Settings\Administrator\Desktop

2008-07-06 21:37:26 0 d--hs---- C:\Documents and Settings\Administrator\Cookies

2008-07-06 21:37:26 0 dr-h----- C:\Documents and Settings\Administrator\Application Data

2008-07-06 21:37:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec

2008-07-06 21:37:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun

2008-07-06 21:37:26 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft

2008-07-06 21:37:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc

2008-07-06 21:37:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities

2008-07-06 21:37:26 0 d--h----- C:\Documents and Settings\Administrator\Application Data\Gtek

2008-07-06 21:37:25 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT

2008-06-27 07:12:50 0 d-------- C:\Program Files\PC Inspector File Recovery

2008-06-27 06:55:22 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP





-- Find3M Report ---------------------------------------------------------------



2008-07-16 18:41:40 0 d-------- C:\Program Files\Common Files\Symantec Shared

2008-07-16 18:40:19 0 d-------- C:\Documents and Settings\Garrett Lovejoy\Application Data\Skype

2008-07-16 18:39:49 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 2

2008-07-16 18:37:24 0 d-------- C:\Program Files\Common Files

2008-07-14 21:15:54 0 d-------- C:\Program Files\Skype

2008-07-14 16:50:55 0 d-------- C:\Program Files\Java

2008-07-02 20:15:16 0 d-------- C:\Program Files\Replay AV 8

2008-07-02 20:02:46 0 d-------- C:\Documents and Settings\Garrett Lovejoy\Application Data\FrostWire

2008-07-01 20:16:53 0 d-------- C:\Documents and Settings\Garrett Lovejoy\Application Data\Move Networks

2008-06-30 14:49:40 0 d-------- C:\Program Files\Norton Internet Security

2008-06-27 18:14:19 0 d-------- C:\Documents and Settings\Garrett Lovejoy\Application Data\U3

2008-06-27 07:12:50 0 d--h----- C:\Program Files\InstallShield Installation Information

2008-06-10 22:58:11 0 d-------- C:\Documents and Settings\Garrett Lovejoy\Application Data\AdobeUM

2008-06-08 20:48:45 0 d-------- C:\Documents and Settings\Garrett Lovejoy\Application Data\Creative

2008-06-08 20:48:07 0 d-------- C:\Program Files\Spontania Video Collaboration

2008-06-08 20:47:15 0 d-------- C:\Program Files\321Studios

2008-06-08 20:46:58 0 d-------- C:\Program Files\ATITool

2008-06-08 20:38:36 0 d-------- C:\Program Files\Pamela

2008-06-08 20:38:36 0 d-------- C:\Documents and Settings\Garrett Lovejoy\Application Data\Pamela

2008-06-08 20:35:09 0 d-------- C:\Program Files\Replay Converter

2008-06-08 20:35:07 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>

2008-06-04 23:08:33 0 d-------- C:\Program Files\Quicken

2008-06-02 18:58:29 0 d-------- C:\Documents and Settings\Garrett Lovejoy\Application Data\Amazon

2008-06-02 18:56:49 0 d-------- C:\Program Files\Amazon

2008-06-02 18:19:30 0 d-------- C:\Program Files\Movie Maker

2008-06-02 18:11:31 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

2008-06-01 20:02:26 0 d-------- C:\Program Files\Common Files\LogiShrd

2008-06-01 20:02:23 0 d-------- C:\Program Files\Logitech

2008-05-20 22:23:21 0 d-------- C:\Program Files\GPLGS

2008-05-20 22:22:28 0 d-------- C:\Program Files\Acro Software

2008-05-18 19:47:03 0 d-------- C:\Program Files\RealVNC





-- Registry Dump ---------------------------------------------------------------



*Note* empty entries & legit default entries are not shown





[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [04/25/2005 09:50 AM]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [02/09/2006 09:05 PM]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/08/2008 05:36 PM]

"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [07/09/2007 07:47 PM]

"UPS-Status"="C:\Program Files\Belkin Bulldog Plus\UPS-Status.exe" [11/15/2006 12:22 PM]

"SAFE2007 HotKeys"="C:\Program Files\Steganos Safe 2007\SteganosHotKeyService.exe" [09/19/2006 04:39 AM]

"SAFE2007 Agent"="C:\Program Files\Steganos Safe 2007\SteganosAgent.exe" [09/19/2006 04:39 AM]

"SAFE2007 File Redirection Starter"="C:\Program Files\Steganos Safe 2007\fredirstarter.exe" [09/14/2006 08:40 AM]

"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 04:57 PM]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]

"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [10/25/2007 04:33 PM]

"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [10/25/2007 04:37 PM]

"BM3b412c39"="C:\WINDOWS\system32\mxdevjsc.dll" [07/15/2008 11:34 PM]



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [05/30/2008 03:54 PM]

"Aim6"="C:\Program Files\AIM6\aim6.exe" [01/03/2008 12:15 PM]

"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [11/08/2007 08:24 PM]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [12/01/2007 01:26 AM]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 05:45 PM]



[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]

"WUAppSetup"=C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c1 -f video -m logitech -d 11.0.0.1217



C:\Documents and Settings\Garrett Lovejoy\Start Menu\Programs\Startup\

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]

Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [7/27/2007 8:41:05 PM]



C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [8/21/2007 8:49:34 PM]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]

C:\WINDOWS\System32\dimsntfy.dll



[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 C:\WINDOWS\system32\hgGaywXR



[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]

@="Service"



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\38721fa5]

rundll32.exe "C:\WINDOWS\system32\ykitsomd.dll",b



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

"C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM3b412c39]

Rundll32.exe "C:\WINDOWS\system32\mxdevjsc.dll",s



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]

KHALMNPR.EXE



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphcngfj0e58t]

C:\WINDOWS\system32\lphcngfj0e58t.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]





[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

stsystra.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"Viewpoint Manager Service"=2 (0x2)

"Nero BackItUp Scheduler 3"=2 (0x2)

"IDriverT"=3 (0x3)

"Bonjour Service"=2 (0x2)

"ATI Smart"=2 (0x2)

"Adobe LM Service"=3 (0x3)



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

eapsvcs eaphost

dot3svc dot3svc



HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

napagent

hkmsvc





[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb123fbb-b885-11dc-a006-00123f6eea18}]

AutoRun\command- G:\LaunchU3.exe -a









-- End of Deckard's System Scanner: finished at 2008-07-16 18:42:31 ------------
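Added example, not part of the original post and not code from Deckard's System Scanner, HijackThis or any other tool named in this thread: a small Python triage script that applies the persistence patterns visible in the log above to a constructed excerpt. The rules are heuristics assumed here for illustration: an LSA "Authentication Packages" value that lists anything beyond msv1_0 (the only stock package on Windows XP), Winlogon Notify DLLs, Run or startupreg entries that load a DLL through rundll32, and a system32 .ini/.ini2 file whose name is a loaded DLL's name reversed, which is the companion-file naming this Vundo variant used (hgGaywXR / RXwyaGgh.ini2 in the log). The sample lines are copies modelled on the log, shortened to a handful of entries.

```python
import re
from typing import List, Set, Tuple

# Constructed sample, modelled on entries from the Deckard's System Scanner
# log posted above (a hypothetical excerpt, not the full log). Backslashes are
# doubled only because this is a Python string literal.
SAMPLE_LOG = """\
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\hgGaywXR
2008-07-06 22:41:20 724678 --ahs---- C:\\WINDOWS\\system32\\RXwyaGgh.ini2
2008-07-15 23:36:54 78848 --a------ C:\\WINDOWS\\system32\\ykitsomd.dll
backup-20080716-001152-654 O20 - Winlogon Notify: ssqNDVNg - ssqNDVNg.dll (file missing)
"BM3b412c39"="C:\\WINDOWS\\system32\\mxdevjsc.dll" [07/15/2008 11:34 PM]
rundll32.exe "C:\\WINDOWS\\system32\\ykitsomd.dll",b
"ccApp"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe" [01/08/2008 05:36 PM]
"""

# On Windows XP the stock value of HKLM\SYSTEM\CurrentControlSet\Control\Lsa
# "Authentication Packages" is just msv1_0. Anything appended there is loaded
# into lsass.exe at boot, before any user logs on, which is why it survives
# the browser-level (BHO) clean-ups HijackThis performs.
DEFAULT_AUTH_PACKAGES = {"msv1_0"}

AUTH_PKG_RE = re.compile(r'"Authentication Packages"\s*=\s*(.+)$', re.I)
SYS32_RE = re.compile(r'C:\\WINDOWS\\system32\\([A-Za-z0-9]+)(\.[A-Za-z0-9]+)?', re.I)
NOTIFY_RE = re.compile(r'O20 - Winlogon Notify:\s*(\S+)\s*-\s*(\S+)', re.I)
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"([^"]+)"', re.I)
RUN_DLL_RE = re.compile(r'^"[^"]+"="([^"]+\.dll)"', re.I)


def scan(log_text: str) -> List[Tuple[str, str]]:
    """Return (rule, evidence) pairs for log lines matching a Vundo-style pattern."""
    findings: List[Tuple[str, str]] = []
    dll_stems: Set[str] = set()          # lower-cased stems of DLLs/packages seen
    ini_files: List[Tuple[str, str]] = []  # (stem, file name) of system32 .ini/.ini2

    for line in log_text.splitlines():
        m = AUTH_PKG_RE.search(line)
        if m:
            for pkg in m.group(1).split():
                name = pkg.rsplit("\\", 1)[-1]
                if name.lower() not in DEFAULT_AUTH_PACKAGES:
                    findings.append(("lsa_auth_package", pkg))
                    dll_stems.add(name.lower())
            continue

        m = NOTIFY_RE.search(line)
        if m:
            # A Winlogon Notify DLL runs inside winlogon.exe at logon; Vundo used
            # this alongside the BHO. "(file missing)" means the entry is orphaned.
            findings.append(("winlogon_notify", m.group(2)))
            dll_stems.add(m.group(2).lower().rsplit(".", 1)[0])
            continue

        m = RUNDLL_RE.search(line) or RUN_DLL_RE.search(line)
        if m:
            findings.append(("dll_autostart", m.group(1)))

        for stem, ext in SYS32_RE.findall(line):
            if ext.lower() in (".ini", ".ini2"):
                ini_files.append((stem, stem + ext))
            elif ext.lower() == ".dll":
                dll_stems.add(stem.lower())

    # Second pass: pair each system32 .ini/.ini2 with a DLL whose name is the
    # ini's name reversed (hgGaywXR <-> RXwyaGgh), the companion-file convention
    # seen in the log. Done after the loop so line order does not matter.
    for stem, fname in ini_files:
        if stem[::-1].lower() in dll_stems:
            findings.append(("reversed_name_pair", f"{fname} <-> {stem[::-1]}"))
    return findings


if __name__ == "__main__":
    for rule, evidence in scan(SAMPLE_LOG):
        print(f"{rule:20s} {evidence}")
```

Run against the excerpt, the script reports the hgGaywXR authentication package, the orphaned ssqNDVNg.dll Winlogon Notify entry, the two rundll32/Run DLL loaders (mxdevjsc.dll, ykitsomd.dll) and the RXwyaGgh.ini2 / hgGaywXR pair. The random-looking eight-letter names are deliberately not used as a rule on their own: plenty of legitimate DLLs look like that, and the persistence location is the stronger signal.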


#2 Thunder

  • Members
  • 3,294 posts
  • Location: Belgium

Posted 17 July 2008 - 04:50 AM

Hello The420star and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users!).
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------



