Trojan Popups


This topic is locked
2 replies to this topic

#1 Nemcon

Posted 21 July 2008 - 02:05 PM

Hello, I've been working on a friend's computer; he had a bunch of problems with smitfraud and CoolWebSearch. I took them out (I think), and now he gets popups from AVG saying Trojans are being found. Here is the HJT log from running it after a reboot, after fixing stuff:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:04:55 PM, on 7/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:PROGRA~1GrisoftAVG7avgamsvr.exe
C:PROGRA~1GrisoftAVG7avgupsvc.exe
C:WINDOWSsystem32HPZipm12.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesViewpointCommonViewpointService.exe
C:Program FilesTightVNCWinVNC.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSExplorer.EXE
C:PROGRA~1GrisoftAVG7avgcc.exe
C:Program FilesiTunesiTunesHelper.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:WINDOWSsystem32ctfmon.exe


O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_10binssv.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:Program FilesStylerTBStylerTB.dll
O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVG7avgcc.exe /STARTUP
O4 - HKLM..Run: [AppleSyncNotifier] C:Program FilesCommon FilesAppleMobile Device SupportbinAppleSyncNotifier.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKUSS-1-5-19..Run: [AVG7_Run] C:PROGRA~1GrisoftAVG7avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-20..Run: [AVG7_Run] C:PROGRA~1GrisoftAVG7avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-18..Run: [AVG7_Run] C:PROGRA~1GrisoftAVG7avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [AVG7_Run] C:PROGRA~1GrisoftAVG7avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_10binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_10binssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:Program FilesAIMaim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O10 - Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll
O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/gs.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {410A8B3C-7CCB-40E8-8B11-28B099E5C488} (Trend Micro Security Services Control) - http://tmss.trendmicro.com/Dashboard/contr.../en-US/TMSSReportW.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...101/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgupsvc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:WINDOWSsystem32spooldriversw32x863HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:WINDOWSsystem32spooldriversw32x863HPBOID.EXE
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:Program FilesViewpointCommonViewpointService.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:Program FilesTightVNCWinVNC.exe

--
End of file - 5195 bytes

Forgot the DSS logs:

Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-21 15:11:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
10: 2008-07-21 19:11:59 UTC - RP554 - Deckard's System Scanner Restore Point
9: 2008-07-19 22:13:42 UTC - RP553 - Last known good configuration
8: 2008-07-19 22:13:35 UTC - RP552 - System Checkpoint
7: 2008-07-19 22:13:35 UTC - RP551 - System Checkpoint
6: 2008-07-19 22:13:35 UTC - RP550 - System Checkpoint


-- First Restore Point --
1: 2008-07-19 22:13:20 UTC - RP545 - Removed HP Photosmart Essential


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:31 PM, on 7/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:PROGRA~1GrisoftAVG7avgamsvr.exe
C:PROGRA~1GrisoftAVG7avgupsvc.exe
C:WINDOWSsystem32HPZipm12.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesViewpointCommonViewpointService.exe
C:Program FilesTightVNCWinVNC.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSExplorer.EXE
C:PROGRA~1GrisoftAVG7avgcc.exe
C:Program FilesiTunesiTunesHelper.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:WINDOWSsystem32ctfmon.exe
C:Documents and SettingsOwnerDesktopdss.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_10binssv.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:Program FilesStylerTBStylerTB.dll
O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVG7avgcc.exe /STARTUP
O4 - HKLM..Run: [AppleSyncNotifier] C:Program FilesCommon FilesAppleMobile Device SupportbinAppleSyncNotifier.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKUSS-1-5-19..Run: [AVG7_Run] C:PROGRA~1GrisoftAVG7avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-20..Run: [AVG7_Run] C:PROGRA~1GrisoftAVG7avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-18..Run: [AVG7_Run] C:PROGRA~1GrisoftAVG7avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [AVG7_Run] C:PROGRA~1GrisoftAVG7avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_10binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_10binssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:Program FilesAIMaim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O10 - Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll
O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/gs.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {410A8B3C-7CCB-40E8-8B11-28B099E5C488} (Trend Micro Security Services Control) - http://tmss.trendmicro.com/Dashboard/contr...TMSSReportW.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgupsvc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:WINDOWSsystem32spooldriversw32x863HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:WINDOWSsystem32spooldriversw32x863HPBOID.EXE
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:Program FilesViewpointCommonViewpointService.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:Program FilesTightVNCWinVNC.exe

--
End of file - 5183 bytes

-- HijackThis Fixed Entries -------------

backup-20080721-140251-134 O4 - HKCU..Run: [Sys12CD.exe] C:WindowsSys12CD.exe
backup-20080721-140251-182 O3 - Toolbar: qndsfmao - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - C:WINDOWSqndsfmao.dll (file missing)
backup-20080721-140251-208 O2 - BHO: (no name) - {963018EB-5E3E-4B3E-8AEF-63F2F45EF3C7} - C:WINDOWSsystem32wvUllmJY.dll (file missing)
backup-20080721-140251-318 O20 - Winlogon Notify: rqRkkIXP - rqRkkIXP.dll (file missing)
backup-20080721-140251-408 O9 - Extra 'Tools' menuitem: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard/dashb...ICCHAHJGHGIEEJI (file missing)
backup-20080721-140251-564 O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present
backup-20080721-140251-648 R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20080721-140251-673 O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
backup-20080721-140251-680 O2 - BHO: QXK Olive - {812AE34E-162C-4C94-BAA1-A2C0431AEC84} - C:WINDOWSkgxmotapktx.dll
backup-20080721-140251-734 O7 - HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1
backup-20080721-140251-764 R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
backup-20080721-140251-857 O2 - BHO: (no name) - {2A65BE74-EC8D-401E-93DF-5BDA3DC05505} - C:WINDOWSsystem32rqRkkIXP.dll (file missing)
backup-20080721-140251-868 R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 195.175.37.71:8080
backup-20080721-140251-877 O2 - BHO: {37b0e9bc-7950-f948-1844-ed783325ddcf} - {fcdd5233-87de-4481-849f-0597cb9e0b73} - C:WINDOWSsystem32lebmuy.dll
backup-20080721-140251-936 O4 - HKLM..Run: [Sys12CD.exe] C:WindowsSys12CD.exe
backup-20080721-140251-947 O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:Program FilesBitComettoolsBitCometBHO_1.1.11.30.dll/206 (file missing)
backup-20080721-140251-965 O9 - Extra button: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard/dashb...ICCHAHJGHGIEEJI (file missing)
backup-20080721-140252-598 O21 - SSODL: kvxqmtre - {98AF99E6-0DFB-4785-ADFC-36EADCABD637} - C:WINDOWSkvxqmtre.dll
backup-20080721-140252-854 O21 - SSODL: evgratsm - {5838A896-289D-465E-981E-A81748A02C19} - C:WINDOWSevgratsm.dll (file missing)
backup-20080721-140556-551 O4 - HKLM..Run: [b4987f94] rundll32.exe "C:WINDOWSsystem32dbimtlur.dll",b
backup-20080721-140556-634 O4 - HKLM..Run: [Adobe Photo Downloader] "C:Program FilesAdobePhotoshop Album Starter Edition3.2Appsapdproxy.exe"
backup-20080721-143631-181 O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe

-- File Associations -----------------------------------------------------------

.reg - regfile - shellopencommand - regedit.exe "%1" %*
.scr - scrfile - shellopencommand - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SbcpHid - c:windowssystem32driverssbcphid.sys

S3 USBAAPL (Apple Mobile USB Driver) - c:windowssystem32driversusbaapl.sys <Not Verified; Apple, Inc.; Apple Mobile Device USB Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Viewpoint Manager Service - "c:program filesviewpointcommonviewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
R2 winvnc (VNC Server) - "c:program filestightvncwinvnc.exe" -service <Not Verified; TightVNC Group; TightVNC Win32 Server>

S4 Bonjour Service - "c:program filesbonjourmdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
S4 LicCtrlService (LicCtrl Service) - c:windowsrunservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Device ID: PCIVEN_10EC&DEV_8139&SUBSYS_3189109F&REV_104&3B90381F&0&10F0
Manufacturer: Realtek
Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
PNP Device ID: PCIVEN_10EC&DEV_8139&SUBSYS_3189109F&REV_104&3B90381F&0&10F0
Service: rtl8139


-- Scheduled Tasks -------------------------------------------------------------

2008-07-17 23:21:02 284 --a------ C:WINDOWSTasksAppleSoftwareUpdate.job


-- Files created between 2008-06-21 and 2008-07-21 -----------------------------

2008-07-21 14:42:17 0 d-------- C:Documents and SettingsOwnerApplication DataMalwarebytes
2008-07-21 14:42:14 0 d-------- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2008-07-21 14:42:13 0 d-------- C:Program FilesMalwarebytes' Anti-Malware
2008-07-21 14:21:47 1774 --a------ C:WINDOWSsystem32tmp.reg
2008-07-21 14:21:18 25600 --a------ C:WINDOWSsystem32WS2Fix.exe
2008-07-21 14:21:18 289144 --a------ C:WINDOWSsystem32VCCLSID.exe <Not Verified; S!Ri; >
2008-07-21 14:21:18 86528 --a------ C:WINDOWSsystem32VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-21 14:21:18 288417 --a------ C:WINDOWSsystem32SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-21 14:21:18 53248 --a------ C:WINDOWSsystem32Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-21 14:21:18 82944 --a------ C:WINDOWSsystem32IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-21 14:21:18 51200 --a------ C:WINDOWSsystem32dumphive.exe
2008-07-21 14:21:18 81920 --a------ C:WINDOWSsystem32404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-19 23:35:39 0 d-------- C:Documents and SettingsAdministratorApplication DataAVG7
2008-07-19 18:16:07 116864 --a------ C:WINDOWSsystem32xtxkhf.dll
2008-07-19 18:16:06 116864 --a------ C:WINDOWSsystem32tjuyfsvw.dll
2008-07-19 18:10:33 446335 --ahs---- C:WINDOWSsystem32YJmllUvw.ini2
2008-07-19 18:04:49 0 d-------- C:Documents and SettingsOwnerApplication DataTmpRecentIcons
2008-07-12 11:33:38 0 d-------- C:Documents and SettingsOwnerApplication DataLeadertech
2008-07-10 23:29:00 0 d-------- C:Program FilesiTunes
2008-07-06 18:09:44 0 d-------- C:Program FilesSecond Sight Software
2008-07-06 18:06:02 0 d-------- C:Documents and SettingsOwnerApplication DataTalkback
2008-07-02 00:08:28 0 d-------- C:Program FilesQuickTime
2008-06-25 12:14:54 0 d-------- C:Documents and SettingsAll UsersApplication Dataacccore


-- Find3M Report ---------------------------------------------------------------

2008-07-21 13:42:20 0 d-------- C:Documents and SettingsOwnerApplication DataAVG7
2008-07-21 13:41:12 825 --ahs---- C:WINDOWSsystem32mmf.sys
2008-07-20 16:57:01 0 d-------- C:Documents and SettingsOwnerApplication DatauTorrent
2008-07-12 11:34:09 0 d-------- C:Program FilesAWalkInThePark_at
2008-07-12 11:33:04 0 d-------- C:Program FilesLimeWire
2008-07-12 11:32:37 0 d-------- C:Program FilesCommon Files
2008-07-10 23:29:16 0 d-------- C:Program FilesiPod
2008-07-10 15:30:15 0 d-------- C:Program FilesWinamp
2008-07-10 01:30:13 0 d-------- C:Documents and SettingsOwnerApplication DataMozilla
2008-06-25 12:15:16 0 d-------- C:Program FilesAIM6
2008-06-17 22:54:19 0 d-------- C:Documents and SettingsOwnerApplication DataAdobe
2008-06-17 21:50:45 0 d-------- C:Program FilesGoogle
2008-06-16 14:49:19 0 d-------- C:Program FilesStepMania
2008-06-16 14:48:40 0 d-------- C:Program FilesInterActual
2008-06-16 14:45:36 0 d-------- C:Program FilesYahoo!
2008-06-16 14:42:33 0 d-------- C:Program FilesCall of Duty Game of the Year Edition
2008-06-12 21:48:04 0 d-------- C:Documents and SettingsOwnerApplication DataAim
2008-06-11 19:42:40 1499 --a------ C:WINDOWSmozver.dat
2008-05-26 19:50:53 0 d-------- C:Documents and SettingsOwnerApplication Datagtk-2.0
2008-05-24 12:59:31 0 d-------- C:Documents and SettingsOwnerApplication DataGoogle


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"AVG7_CC"="C:PROGRA~1GrisoftAVG7avgcc.exe" [04/19/2008 08:46 AM]
"AppleSyncNotifier"="C:Program FilesCommon FilesAppleMobile Device SupportbinAppleSyncNotifier.exe" [07/10/2008 09:47 AM]
"QuickTime Task"="C:Program FilesQuickTimeQTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:Program FilesiTunesiTunesHelper.exe" [07/10/2008 10:51 AM]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [08/04/2004 08:00 AM]

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"DisableRegedit"=0 (0x0)

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
"Authentication Packages"= msv1_0 C:WINDOWSsystem32wvUllmJY

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartupHP Digital Imaging Monitor.lnk
backup=C:WINDOWSpssHP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartupKodak EasyShare software.lnk
backup=C:WINDOWSpssKodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartupMicrosoft Office.lnk
backup=C:WINDOWSpssMicrosoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Post-it® Software Notes Lite.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartupPost-it® Software Notes Lite.lnk
backup=C:WINDOWSpssPost-it® Software Notes Lite.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^Owner^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=C:Documents and SettingsOwnerStart MenuProgramsStartupStardock ObjectDock.lnk
backup=C:WINDOWSpssStardock ObjectDock.lnkStartup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^Owner^Start Menu^Programs^Startup^Styler.lnk]
path=C:Documents and SettingsOwnerStart MenuProgramsStartupStyler.lnk
backup=C:WINDOWSpssStyler.lnkStartup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Photo Downloader]
"C:Program FilesAdobePhotoshop Album Starter Edition3.2Appsapdproxy.exe"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Reader Speed Launcher]
"C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAIM]
C:Program FilesAIMaim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAim6]


[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAlcxMonitor]
ALCXMNTR.EXE

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregares]
"C:Program FilesAresAres.exe" -h

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBitComet]
"C:Program FilesBitCometBitComet.exe" /tray

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregChatango]
C:Program FilesChatangoChatango.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregctfmon.exe]
C:WINDOWSsystem32ctfmon.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDeadAIM]
rundll32.exe "C:PROGRA~1AIMDeadAIM.ocm",ExportedCheckODLs

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHotKeysCmds]
C:WINDOWSsystem32hkcmd.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHP Software Update]
C:Program FilesHPHP Software UpdateHPWuSchd2.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregIgfxTray]
C:WINDOWSsystem32igfxtray.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]
"C:Program FilesiTunesiTunesHelper.exe"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregKernelFaultCheck]
%systemroot%system32dumprep 0 -k

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMCAgentExe]
c:PROGRA~1mcafee.comagentmcagent.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMISAggregator]


[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMPFTray]
C:PROGRA~1McAfee.comPERSON~1MpfTray.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]
"C:Program FilesMessengermsmsgs.exe" /background

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregOASClnt]
C:Program FilesMcAfee.comVSOoasclnt.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregOrb]
"C:Program FilesWinamp RemotebinOrbTray.exe" /background

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
"C:Program FilesQuickTimeQTTask.exe" -atboottime

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]
"C:Program FilesJavajre1.5.0_10binjusched.exe"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregswg]
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregVirusScan Online]
C:Program FilesMcAfee.comVSOmcvsshld.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregVSOCheckTask]
"C:PROGRA~1McAfee.comVSOmcmnhdlr.exe" /checktask

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWinampAgent]
C:Program FilesWinampwinampa.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWinVNC]
"C:Program FilesTightVNCWinVNC.exe" -servicehelper

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
"Bonjour Service"=2 (0x2)
"LicCtrlService"=2 (0x2)
"IDriverT"=3 (0x3)


[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{10001550-b8c5-11dc-8364-0050bab0e239}]
AutoRuncommand- E:Autorun.exe /run
Shell00Command- E:Autorun.exe /run
Shell01Command- E:Autorun.exe /action
Shell02Command- E:Autorun.exe /uninstall

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{84c3f3a2-2e65-11dc-8336-0050bab0e239}]
AutoRuncommand- E:LaunchU3.exe -a

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{aa8127a1-9c50-11dc-8354-0050bab0e239}]
AutoRuncommand- E:setupSNK.exe




-- End of Deckard's System Scanner: finished at 2008-07-21 15:14:49 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.50GHz
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 1014.98 MiB / 557.36 MiB
Pagefile Memory (total/avail): 1293.79 MiB / 909.39 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1939.31 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.55 GiB total, 13.69 GiB free.
D: is CDROM (No Media)

.PHYSICALDRIVE0 - SAMSUNG SV0802N - 74.56 GiB - 1 partition
PARTITION0 (bootable) - Installable File System - 74.55 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

AV: AVG 7.5.524 v7.5.524 (Grisoft)

[HKLMSystemCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLMSystemCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:Program FilesKodakKodak EasyShare softwarebinEasyShare.exe"="C:Program FilesKodakKodak EasyShare softwarebinEasyShare.exe:*:Enabled:EasyShare"
"C:Program FilesMessengermsmsgs.exe"="C:Program FilesMessengermsmsgs.exe:*:Enabled:Windows Messenger"
"C:Program FilesLimeWireLimeWire.exe"="C:Program FilesLimeWireLimeWire.exe:*:Disabled:LimeWire"
"C:Program FilesAresAres.exe"="C:Program FilesAresAres.exe:*:Enabled:Ares p2p for windows"
"C:Program FilesAIMaim.exe"="C:Program FilesAIMaim.exe:*:Enabled:AOL Instant Messenger"
"C:Program FilesCommon FilesAOLLoaderaolload.exe"="C:Program FilesCommon FilesAOLLoaderaolload.exe:*:Enabled:AOL Loader"
"C:Program FilesBitCometBitComet.exe"="C:Program FilesBitCometBitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:Program FilesWinamp RemotebinOrb.exe"="C:Program FilesWinamp RemotebinOrb.exe:*:Enabled:Orb"
"C:Program FilesWinamp RemotebinOrbTray.exe"="C:Program FilesWinamp RemotebinOrbTray.exe:*:Enabled:OrbTray"
"C:Program FilesWinamp RemotebinOrbStreamerClient.exe"="C:Program FilesWinamp RemotebinOrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:Program FilesuTorrentuTorrent.exe"="C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent"
"C:Program FilesAIM6aim6.exe"="C:Program FilesAIM6aim6.exe:*:Enabled:AIM"
"C:Program FilesGrisoftAVG7avginet.exe"="C:Program FilesGrisoftAVG7avginet.exe:*:Enabled:avginet.exe"
"C:Program FilesGrisoftAVG7avgamsvr.exe"="C:Program FilesGrisoftAVG7avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:Program FilesGrisoftAVG7avgcc.exe"="C:Program FilesGrisoftAVG7avgcc.exe:*:Enabled:avgcc.exe"
"C:WINDOWSsystem32dpvsetup.exe"="C:WINDOWSsystem32dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:Program FilesMozilla Firefoxfirefox.exe"="C:Program FilesMozilla Firefoxfirefox.exe:*:Enabled:Firefox"
"C:Program FilesBonjourmDNSResponder.exe"="C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour"
"C:Program FilesSports InteractiveNHL Eastside Hockey Manager 2007ehm2007.exe"="C:Program FilesSports InteractiveNHL Eastside Hockey Manager 2007ehm2007.exe:*:Enabled:ehm2007"
"C:Program FilesiTunesiTunes.exe"="C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:Documents and SettingsAll Users
APPDATA=C:Documents and SettingsOwnerApplication Data
CLASSPATH=.;C:Program FilesJavajre1.5.0_10libextQTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:Program FilesCommon Files
COMPUTERNAME=DEATH-55354B436
ComSpec=C:WINDOWSsystem32cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=Documents and SettingsOwner
LOGONSERVER=DEATH-55354B436
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:WINDOWSsystem32;C:WINDOWS;C:WINDOWSSystem32Wbem;C:Program FilesQuickTimeQTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:Program Files
PROMPT=$P$G
QTJAVA=C:Program FilesJavajre1.5.0_10libextQTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:WINDOWS
TEMP=C:DOCUME~1OwnerLOCALS~1Temp
TMP=C:DOCUME~1OwnerLOCALS~1Temp
USERDOMAIN=DEATH-55354B436
USERNAME=Owner
USERPROFILE=C:Documents and SettingsOwner
windir=C:WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support --> MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Combined Community Codec Pack 2008-01-24 --> "C:\Program Files\Combined Community Codec Pack\unins000.exe"
DeadAIM --> MsiExec.exe /I{25AF0BD1-DF07-4447-8E91-28E99617C556}
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayer\Uninstall.exe /PLUGIN
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Deskjet 6900 series --> C:\Program Files\HP\Digital Imaging\{7ADE9F27-A175-447F-A4B4-B05FA82735E1}\setup\hpzscr01.exe -datfile hpfscr09.dat
HP Extended Capabilities 6.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Solution Center and Imaging Support Tools 6.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
iPod for Windows 2006-06-28 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
iTunes --> MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Media Widget 3.0 --> "C:\Program Files\Media Widget\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Move Networks Player for Internet Explorer --> "C:\Documents and Settings\Owner\Application Data\Move Networks\ie_bin\unins000.exe"
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NHL Eastside Hockey Manager 2007 --> MsiExec.exe /X{9DE4E17F-0C99-4A57-8F7D-5B69CC95D7A9}
Post-it® Software Notes Lite --> "C:\Program Files\3M\PSNLite\Uninstall.exe" -Prog"C:\Program Files\3M\PSNLite\PsnLite.exe" -INI"C:\Program Files\3M\PSNLite\uninst.ini"
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Styler --> MsiExec.exe /I{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2038 / Error
Event Submitted/Written: 07/14/2008 02:15:29 AM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 819840372.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type2037 / Error
Event Submitted/Written: 07/14/2008 02:15:25 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.62306, faulting module firefox.exe, version 1.8.20080.62306, fault address 0x00648ee9.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type2021 / Error
Event Submitted/Written: 07/08/2008 07:44:20 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application ehm2007.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2020 / Error
Event Submitted/Written: 07/09/2008 09:41:36 AM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 723192518.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type2019 / Error
Event Submitted/Written: 07/09/2008 09:41:31 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application avgcc.exe, version 7.5.0.522, faulting module kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.
Processing media-specific event for [avgcc.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type88915 / Error
Event Submitted/Written: 07/21/2008 02:52:15 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type88914 / Error
Event Submitted/Written: 07/21/2008 02:52:13 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type88913 / Error
Event Submitted/Written: 07/21/2008 02:52:12 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type88887 / Error
Event Submitted/Written: 07/21/2008 02:30:52 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type88886 / Error
Event Submitted/Written: 07/21/2008 02:30:47 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}



-- End of Deckard's System Scanner: finished at 2008-07-21 15:14:49 ------------

Merged posts. ~ OB

Edited by Orange Blossom, 21 July 2008 - 03:06 PM.



#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:06:35 PM

Posted 07 August 2008 - 10:17 AM

Hello, Nemcon.
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.
Please run Deckard's System Scanner again, this time using these instructions:
(In the event you lost your copy, you can download a new one from here: Deckard's System Scanner)
  • Click on Start, click on Run
  • Copy and paste the following in the open window and then click OK:
    "%userprofile%\desktop\dss.exe" /config
  • This will open up DSS configuration
  • Click on Check All.
  • Click Scan.
    DSS will now run again.
  • Please post back both logs that open in notepad.
    Main.txt and Extra.txt
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:06:35 PM

Posted 10 August 2008 - 05:13 PM

Hello, Nemcon.
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)



