
Virtumonde Virus Detected. Can't Remove


  • This topic is locked
11 replies to this topic

#1 burkg

  • Members
  • 8 posts

Posted 22 July 2008 - 12:54 PM

Issue: Virtumonde Virus

I first became suspicious when I got alerts saying I could not update Windows. I tried resetting using services.msc but no luck. I began to get warnings of trojan files from my antivirus software. Many popups started and the web became very sluggish.

I scanned with my antivirus software AVG (updated) and Spybot S&D (updated). These scans indicated the presence of the Virtumonde virus and several trackers, which I moved to the vault or "fixed".

I was then able to install updates and updated to SP3 and any other available updates.

The problem with the popups continued and subsequent scans repeatedly showed two Virtumonde entries. I tried several removal tools but none seemed to work.

I ran the Kaspersky scan and the report indicated no issues found.

Any help with this would be appreciated.

Deckard's System Scanner v20071014.68
Run by G BURKE on 2008-07-22 13:17:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-07-22 17:17:46 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 255 MiB (512 MiB recommended).
System Drive C: has 2.12 GiB (less than 15%) free.


-- HijackThis (run as G BURKE.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:22:59 PM, on 7/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\CePMTray.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\G BURKE\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\G BURKE.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.algonquinadventures.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://lc2.law5.hotmail.passport.com/cgi-bin/login"); (C:\Program Files\Netscape\Users\User00\prefs.js)
O2 - BHO: (no name) - {108445B7-8800-4999-9601-DC7E37E067AF} - blank (file missing)
O2 - BHO: (no name) - {305270B5-D0AA-4B65-95A8-3E0C6532711B} - blank (file missing)
O2 - BHO: (no name) - {325A2501-EF1A-4728-A444-C8B39C594B20} - C:\WINDOWS\system32\ddcAqPHB.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {521b7c9c-168f-923b-4334-6d8a734369b5} - {5b963437-a8d6-4334-b329-f861c9c7b125} - C:\WINDOWS\system32\nvnxix.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {8EC3F816-F57C-4CDB-AE8A-2279693A9DCA} - C:\WINDOWS\system32\atmli.dll (file missing)
O2 - BHO: (no name) - {9C49B883-D61D-46E8-9BCF-34A7D92AFDD6} - blank (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo 2200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus Photo 2200" /O6 "USB001" /M "Stylus Photo 2200"
O4 - HKLM\..\Run: [CeEPOWER] C:\WINDOWS\System32\CePMTray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by22fd.bay22.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE2AF8E3-C2E2-4956-8A9D-70B248D91D3D}: NameServer = 207.164.234.129 207.164.234.193
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATM Service (ATMsrvc) - Adobe Systems Incorporated - C:\WINDOWS\System32\ATMsrvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 6838 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 TPkd - c:\windows\system32\drivers\tpkd.sys <Not Verified; PACE Anti-Piracy, Inc.; InterLok®>
R2 LxrSII1d (Secure II Driver) - c:\windows\system32\drivers\lxrsii1d.sys
R3 Eplpdx02 - c:\windows\system32\drivers\eplpdx02.sys <Not Verified; MK Systems CO., LTD.; MK Systems LPT I/O Driver for Windows2000>
R3 EPOWER (Compal E-POWER Driver) - c:\windows\system32\drivers\hkdrv.sys <Not Verified; Compal Electronic Inc.; EPOWER>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 grmnusb - c:\windows\system32\drivers\grmnusb.sys <Not Verified; GARMIN Corp.; Garmin USB GPS>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 ATMsrvc (ATM Service) - c:\windows\system32\atmsrvc.exe <Not Verified; Adobe Systems Incorporated; Adobe Type Manager>
S3 EPSONStatusAgent2 (EPSON Printer Status Agent2) - c:\program files\common files\epson\ebapi\sagent2.exe <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
S3 GEARSecurity (Gear Security Service) - c:\windows\system32\gearsec.exe <Not Verified; GEAR Software; gearsec>
S4 EpsonBidirectionalService - c:\program files\common files\epson\ebapi\eebsvc.exe
S4 LxrSII1s (Lexar Secure II) - lxrsii1s.exe
S4 Smcmooswp -


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-22 13:20:01 426 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{94B46BEE-7307-4DA5-8035-FA3FF807BEA2}.job


-- Files created between 2008-06-22 and 2008-07-22 -----------------------------

2008-07-22 08:48:47 0 d-------- C:\WINDOWS\Sun
2008-07-22 08:48:46 0 d-------- C:\Documents and Settings\G BURKE\Application Data\Sun
2008-07-22 08:46:19 0 d-------- C:\Program Files\Sun
2008-07-22 08:40:19 0 d-------- C:\Program Files\Java
2008-07-22 08:37:41 0 d-------- C:\Program Files\Common Files\Java
2008-07-22 07:55:54 0 d-------- C:\Program Files\Trend Micro
2008-07-20 12:18:02 0 d-------- C:\WINDOWS\Prefetch
2008-07-20 11:35:12 0 d-------- C:\WINDOWS\system32\scripting
2008-07-20 11:35:04 0 d-------- C:\WINDOWS\l2schemas
2008-07-20 11:34:59 0 d-------- C:\WINDOWS\system32\en
2008-07-18 21:44:33 81296 --a------ C:\WINDOWS\system32\hwlljpeh.dll
2008-07-18 21:42:04 105328 --a------ C:\WINDOWS\system32\nvnxix.dll
2008-07-18 21:42:01 105328 --a------ C:\WINDOWS\system32\wnygrqvo.dll
2008-07-18 20:54:31 0 d-------- C:\VundoFix Backups
2008-07-18 18:51:13 0 dr-h----- C:\Documents and Settings\G BURKE\Recent
2008-07-17 21:27:35 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2008-07-17 16:27:55 0 d-------- C:\WTablet
2008-07-17 15:17:09 0 d-------- C:\Program Files\Alwil Software
2008-07-17 08:46:49 105200 --a------ C:\WINDOWS\system32\gnzeif.dll
2008-07-17 08:46:46 105200 --a------ C:\WINDOWS\system32\nieeobnx.dll
2008-07-17 08:43:41 452956 --ahs---- C:\WINDOWS\system32\BHPqAcdd.ini2
2008-07-16 21:35:31 0 d--h----- C:\$AVG8.VAULT$
2008-07-16 21:10:07 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-16 21:10:03 0 d-------- C:\Documents and Settings\G BURKE\Application Data\AVGTOOLBAR
2008-07-16 21:09:01 0 d-------- C:\Program Files\AVG
2008-07-16 21:09:00 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-16 19:16:11 105264 --a------ C:\WINDOWS\system32\lhdmqd.dll
2008-07-16 19:16:08 105264 --a------ C:\WINDOWS\system32\bilkmwho.dll
2008-07-15 21:52:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-15 13:22:37 105232 --a------ C:\WINDOWS\system32\ruxdcp.dll
2008-07-15 13:22:32 105232 --a------ C:\WINDOWS\system32\psiwvfqu.dll
2008-07-13 20:28:09 453267 --ahs---- C:\WINDOWS\system32\YxxHPXyb.ini2
2008-07-12 08:47:47 2086 --ahs---- C:\WINDOWS\system32\XwFiQXbc.ini2
2008-07-11 21:23:28 419 --ahs---- C:\WINDOWS\system32\llRBHkkj.ini2


-- Find3M Report ---------------------------------------------------------------

2008-07-22 08:37:41 0 d-------- C:\Program Files\Common Files
2008-07-20 11:36:40 0 d-------- C:\Program Files\Messenger
2008-07-20 11:34:56 0 d-------- C:\Program Files\Movie Maker
2008-07-20 11:21:16 0 d-------- C:\Program Files\Windows NT
2008-07-17 15:15:03 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-17 15:13:40 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-17 14:10:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-16 20:13:40 0 d-------- C:\Documents and Settings\G BURKE\Application Data\Lavasoft
2008-07-15 21:54:19 0 d-------- C:\Program Files\Lavasoft
2008-07-14 21:15:50 0 d-------- C:\Program Files\Tablet


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{108445B7-8800-4999-9601-DC7E37E067AF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{305270B5-D0AA-4B65-95A8-3E0C6532711B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{325A2501-EF1A-4728-A444-C8B39C594B20}]
C:\WINDOWS\system32\ddcAqPHB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5b963437-a8d6-4334-b329-f861c9c7b125}]
07/18/2008 09:42 PM 105328 --a------ C:\WINDOWS\system32\nvnxix.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8EC3F816-F57C-4CDB-AE8A-2279693A9DCA}]
C:\WINDOWS\system32\atmli.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C49B883-D61D-46E8-9BCF-34A7D92AFDD6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/16/2008 09:09 PM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/16/2008 09:09 PM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"EPSON Stylus Photo 2200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [07/01/2002 03:05 AM]
"CeEPOWER"="C:\WINDOWS\System32\CePMTray.exe" [12/18/2001 05:41 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/16/2008 09:09 PM]
"AtiPTA"="atiptaxx.exe" [12/21/2001 11:58 AM C:\WINDOWS\system32\atiptaxx.exe]
"ATIModeChange"="Ati2mdxx.exe" [09/04/2001 04:24 AM C:\WINDOWS\system32\Ati2mdxx.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/15/2007 11:40 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddcAqPHB

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ColorVisionStartup.lnk]
backup=C:\WINDOWS\pss\ColorVisionStartup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^G BURKE^Start Menu^Programs^Startup^Juice.lnk]
backup=C:\WINDOWS\pss\Juice.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^G BURKE^Start Menu^Programs^Startup^PowerReg SchedulerV2.exe]
backup=C:\WINDOWS\pss\PowerReg SchedulerV2.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0085a1c6]
rundll32.exe "C:\WINDOWS\system32\hwlljpeh.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKey.exe]
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPATR10]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EVENTLISTENER]
C:\Program Files\Common Files\FotoNation\EvLstnr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundFusion]
RunDll32 cwaprops.cpl,CrystalControlWnd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TabletService"=2 (0x2)
"LxrSII1s"=2 (0x2)
"iPodService"=3 (0x3)
"Fax"=2 (0x2)
"EpsonBidirectionalService"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8382 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-22 13:27:26 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 1.60GHz
Percentage of Memory in Use: 77%
Physical Memory (total/avail): 254.98 MiB / 56.77 MiB
Pagefile Memory (total/avail): 625.98 MiB / 105.71 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1913.11 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 27.95 GiB total, 2.13 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - TOSHIBA MK3017GAP - 27.95 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 27.95 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\G BURKE\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=COMMTECHSPSS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\G BURKE
LOGONSERVER=\\COMMTECHSPSS
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\PROGRA~1\COMMON~1\Odbc\FILEMA~1;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\GBURKE~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\GBURKE~1\LOCALS~1\Temp
USERDOMAIN=COMMTECHSPSS
USERNAME=G BURKE
USERPROFILE=C:\Documents and Settings\G BURKE
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

G BURKE (admin)
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Adobe\PM65\DeIsL1.isu" -c"C:\Program Files\Adobe\PM65\Uninst.dll"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Illustrator 8.0 --> C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Adobe\Illustrator 8.0\DeIsL1.isu" -c"C:\Program Files\Adobe\Illustrator 8.0\Uninst.dll"
Adobe Image Viewer Plugin 4.0 --> C:\Program Files\Common Files\Adobe\Acrobat 5.0\ImageViewer\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\Acrobat 5.0\ImageViewer\Install.log
Adobe InDesign 2.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\InDesign 2.0\Uninst.isu" -c"C:\Program Files\Adobe\InDesign 2.0\Uninst.dll"
Adobe Photoshop 5.5 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 5.5\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 5.5\Uninst.dll"
Adobe Photoshop Album --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5F9E6AA-7075-49EC-992F-A6213C73607F}\apxp.ex_" -l0x9
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe Streamline 4.0 --> C:\WINDOWS\uninst.exe -f"C:\Adobe\Streamline 4.0\DeIsL1.isu"
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Manager 4.1 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Adobe Type Manager\DeIsL1.isu" -c"C:\Program Files\Adobe Type Manager\UNINST.DLL"
Agfa ScanWise 2.00 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Agfa\ScanWise 2_00\uninst.isu" -c"C:\Program Files\Agfa\ScanWise 2_00\UNINSTALL.DLL"
Alps Touch Pad --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Apoint2K\Apoint.isu" -c"C:\Program Files\Apoint2K\ApInst.dll"
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.4 --> "C:\Program Files\Audacity\unins000.exe"
AutoEye --> C:\WINDOWS\unvise32.exe C:\AutoEyeuninstal.log
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BookSmart™ 1.9.2 1.9.2 --> C:\Program Files\BookSmart\uninstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Corel WordPerfect Suite 8 --> C:\Corel\Suite8\AppMan\Setup\REMOVELAUNCHER.EXE
CutePDF Writer 2.7 --> C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
DreamSuite Series2 --> C:\WINDOWS\unvise32.exe C:\DS2Uninstall.log
E-KEY --> C:\Program Files\TOSHIBA\E-KEY\uninstal.exe
Easy Button --> C:\WINDOWS\UnInst32.exe CPATR10.UNI
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
Eye Candy 3 --> C:\PROGRA~1\Adobe\PHOTOS~1.5\Plug-Ins\UNWISE.EXE C:\PROGRA~1\Adobe\PHOTOS~1.5\Plug-Ins\INSTALL.LOG
FileMaker Pro 5.5 --> MsiExec.exe /I{4A425F14-0561-11D4-9027-0060089CDAE1}
Film Factory --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\EPSON Software\Film Factory\Uninst.isu"
Flickr Uploadr 2.3 --> "C:\Program Files\Flickr Uploadr\uninstall.exe"
Garmin Trip and Waypoint Manager v3 --> MsiExec.exe /X{5414086B-AE06-4332-8A59-26FF0F630D1B}
Garmin WebUpdater --> MsiExec.exe /X{996EC44B-38E1-4898-8E47-3EE3D15F2712}
Garmin WebUpdater --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2FD94FBC-07AE-475C-B522-BFE899B9048E}\setup.exe" -l0x9
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ICC Color Profiles --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{476D3472-3FCA-423C-8C0C-18BA780246ED}\setup.exe" -l0x9 anything
InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
Intel® PRO Ethernet Adapter and Software --> Prounstl.exe
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
iPod for Windows User Guide --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B9987754-9A14-4B61-ABB3-73A79503238D} /l1033
iPod System Software Updater 2.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B02B8E30-EB28-49B0-A60F-696268BAE033} /l1033
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{9705A7E1-3DD1-4BAC-8CA9-FE7B1473BEC9}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
MapSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}\Setup.exe" -l0x9 AddRemove
MapSource - Topo Canada v2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{9F308117-9B2F-45EB-9FAF-B59CD8339673} /l1033
Microsoft Color Control Panel Applet for Windows XP --> MsiExec.exe /X{CE378F36-E404-4244-A33F-F50A2A6D31BD}
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft PowerPoint Viewer 97 --> C:\Program Files\PowerPoint Viewer\setup\setup.exe
Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50) --> MsiExec.exe /X{2E5A5B57-57FC-4C79-A239-9DB280ADEC2A}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MUSICMATCH Jukebox --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nikon View Ver.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BC47F60-E41B-11D3-BF8E-00E0295703D2}\setup.exe"
NikonCapture --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21DDC579-834B-4C14-8122-853994FA2214}\Setup.exe" -l0x9 UNINSTALL
OpenOffice.org Installer 1.0 --> MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Photo/Graphic Edges Demo --> C:\WINDOWS\IsUninst.exe -f"c:\program files\adobe\photoshop 5.5\plugins\autofx\pge40\Uninst.isu"
PhotoTile --> MsiExec.exe /I{DD691A63-6E1D-11D9-9526-9DA8B8E67809}
PictureGear 4.1Lite --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Sony\PictureGear4.1Lite\PG41LITE.isu" -c"C:\Program Files\Sony\PictureGear4.1Lite\PGCacheCleanUp.dll"
Power Retouche Demo --> C:\Program Files\Adobe\Photoshop 5.5\Plug-Ins\UnInstall_PRDemo.exe
QuadToneRIP --> C:\Program Files\QuadToneRIP\Uninstall.exe
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic 5.2 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Rubric Builder 3.0 International Edition --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Rubric Builder 3.0\DeIsL4.isu" -cC:\PROGRA~1\RUBRIC~2.0\_ISREG32.DLL
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SP2200 EnhancedMatte Premium ICC Profiles --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA42DB1B-CA81-48FC-B625-DAF2FAF7ECB0}\Setup.exe" -l0x9 anything
SP2200 Prem.Glossy Premium ICC Profiles --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{934E914F-7F58-49C2-A6BB-C93BA836DF23}\Setup.exe" -l0x9 anything
SP2200 Prem.Luster Premium ICC Profiles --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB9E953C-A225-4C9B-96B5-7197F6DC6CF7}\Setup.exe" -l0x9 anything
SP2200 Prem.Semigloss Premium ICC Profiles --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB613005-5353-49A7-AC2B-F5163AC157D2}\Setup.exe" -l0x9 anything
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
Spyder2 --> C:\WINDOWS\unvise32.exe C:\Program Files\ColorVision\Spyder2\uninstal.log
Sympatico 4.7 --> C:\WINDOWS\cd32.exe 4.7 (en)
Tablet --> C:\Program Files\Tablet\Remove.exe /u
TOSHIBA Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}\Setup.exe" -uninst
TOSHIBA Power Management --> C:\Program Files\TOSHIBA\Power Management\uninstal.exe
TOSHIBA Software Modem --> Tosmreg -U
Video2Photo v1.0 Build 55 (c't Edition) --> "C:\Program Files\Video2Photo\unins000.exe"
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Xenofex 1.0 --> C:\PROGRA~1\Adobe\PHOTOS~1.5\Plug-Ins\\Xenofex\UNWISE.EXE C:\PROGRA~1\Adobe\PHOTOS~1.5\Plug-Ins\\Xenofex\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type11956 / Warning
Event Submitted/Written: 07/20/2008 00:09:56 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type11955 / Warning
Event Submitted/Written: 07/20/2008 11:39:37 AM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Event Record #/Type11946 / Error
Event Submitted/Written: 07/19/2008 07:16:45 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rundll32.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x009a1c9e.
Processing media-specific event for [rundll32.exe!ws!]

Event Record #/Type11912 / Error
Event Submitted/Written: 07/18/2008 06:16:44 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application SpybotSD.exe, version 1.5.2.20, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type11911 / Error
Event Submitted/Written: 07/18/2008 05:50:27 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rundll32.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x00bd1c9e.
Processing media-specific event for [rundll32.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type6426 / Error
Event Submitted/Written: 07/22/2008 09:19:04 AM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Event Record #/Type6425 / Error
Event Submitted/Written: 07/22/2008 09:19:04 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The AVG Free8 E-mail Scanner service terminated unexpectedly. It has done this 2 time(s).

Event Record #/Type6416 / Error
Event Submitted/Written: 07/22/2008 08:37:56 AM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Event Record #/Type6408 / Error
Event Submitted/Written: 07/22/2008 08:27:31 AM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Event Record #/Type6405 / Error
Event Submitted/Written: 07/22/2008 08:27:14 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The AVG Free8 E-mail Scanner service terminated unexpectedly. It has done this 1 time(s).



-- End of Deckard's System Scanner: finished at 2008-07-22 13:27:26 ------------



#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 23 July 2008 - 01:53 PM

Hello, my name is fenzodahl512 and welcome to BC... Please do the following...


Please visit the webpage below for instructions on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 burkg

burkg
  • Topic Starter

  • Members
  • 8 posts

Posted 24 July 2008 - 08:05 AM

Thank you, I will post this shortly.

burkg

#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 24 July 2008 - 09:47 AM

ok..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 burkg

burkg
  • Topic Starter

  • Members
  • 8 posts

Posted 24 July 2008 - 11:19 AM

Here are the logs from HijackThis and ComboFix, as requested.

Thanks again for your time and expertise.

burkg


Deckard's System Scanner v20071014.68
Run by G BURKE on 2008-07-24 12:08:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 255 MiB (512 MiB recommended).
System Drive C: has 2 GiB (less than 15%) free.


-- HijackThis (run as G BURKE.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:56 PM, on 7/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\G BURKE\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\GBURKE~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.algonquinadventures.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://lc2.law5.hotmail.passport.com/cgi-bin/login"); (C:\Program Files\Netscape\Users\User00\prefs.js)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo 2200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus Photo 2200" /O6 "USB001" /M "Stylus Photo 2200"
O4 - HKLM\..\Run: [CeEPOWER] C:\WINDOWS\System32\CePMTray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by22fd.bay22.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE2AF8E3-C2E2-4956-8A9D-70B248D91D3D}: NameServer = 207.164.234.129 207.164.234.193
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATM Service (ATMsrvc) - Adobe Systems Incorporated - C:\WINDOWS\System32\ATMsrvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 6703 bytes

-- Files created between 2008-06-24 and 2008-07-24 -----------------------------

2008-07-24 11:29:27 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-07-24 11:14:33 0 d-------- C:\cmdcons
2008-07-24 11:11:00 68096 --a------ C:\WINDOWS\zip.exe
2008-07-24 11:11:00 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-24 11:11:00 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-24 11:11:00 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-24 11:11:00 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-24 11:11:00 98816 --a------ C:\WINDOWS\sed.exe
2008-07-24 11:11:00 80412 --a------ C:\WINDOWS\grep.exe
2008-07-24 11:11:00 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-22 08:48:47 0 d-------- C:\WINDOWS\Sun
2008-07-22 08:48:46 0 d-------- C:\Documents and Settings\G BURKE\Application Data\Sun
2008-07-22 08:46:19 0 d-------- C:\Program Files\Sun
2008-07-22 08:40:19 0 d-------- C:\Program Files\Java
2008-07-22 08:37:41 0 d-------- C:\Program Files\Common Files\Java
2008-07-22 07:55:54 0 d-------- C:\Program Files\Trend Micro
2008-07-20 12:18:02 0 d-------- C:\WINDOWS\Prefetch
2008-07-20 11:35:12 0 d-------- C:\WINDOWS\system32\scripting
2008-07-20 11:35:04 0 d-------- C:\WINDOWS\l2schemas
2008-07-20 11:34:59 0 d-------- C:\WINDOWS\system32\en
2008-07-18 20:54:31 0 d-------- C:\VundoFix Backups
2008-07-18 18:51:13 0 dr-h----- C:\Documents and Settings\G BURKE\Recent
2008-07-17 21:27:35 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2008-07-17 16:27:55 0 d-------- C:\WTablet
2008-07-17 15:17:09 0 d-------- C:\Program Files\Alwil Software
2008-07-16 21:35:31 0 d--h----- C:\$AVG8.VAULT$
2008-07-16 21:10:07 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-16 21:10:03 0 d-------- C:\Documents and Settings\G BURKE\Application Data\AVGTOOLBAR
2008-07-16 21:09:01 0 d-------- C:\Program Files\AVG
2008-07-16 21:09:00 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-15 21:52:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft


-- Find3M Report ---------------------------------------------------------------

2008-07-24 11:24:19 0 d-------- C:\Program Files\Common Files
2008-07-20 11:36:40 0 d-------- C:\Program Files\Messenger
2008-07-20 11:34:56 0 d-------- C:\Program Files\Movie Maker
2008-07-20 11:21:16 0 d-------- C:\Program Files\Windows NT
2008-07-17 15:15:03 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-17 15:13:40 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-17 14:10:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-16 20:13:40 0 d-------- C:\Documents and Settings\G BURKE\Application Data\Lavasoft
2008-07-15 21:54:19 0 d-------- C:\Program Files\Lavasoft
2008-07-14 21:15:50 0 d-------- C:\Program Files\Tablet


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/16/2008 09:09 PM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/16/2008 09:09 PM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"EPSON Stylus Photo 2200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [07/01/2002 03:05 AM]
"CeEPOWER"="C:\WINDOWS\System32\CePMTray.exe" [12/18/2001 05:41 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/16/2008 09:09 PM]
"AtiPTA"="atiptaxx.exe" [12/21/2001 11:58 AM C:\WINDOWS\system32\atiptaxx.exe]
"ATIModeChange"="Ati2mdxx.exe" [09/04/2001 04:24 AM C:\WINDOWS\system32\Ati2mdxx.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/15/2007 11:40 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ColorVisionStartup.lnk]
backup=C:\WINDOWS\pss\ColorVisionStartup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^G BURKE^Start Menu^Programs^Startup^Juice.lnk]
backup=C:\WINDOWS\pss\Juice.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^G BURKE^Start Menu^Programs^Startup^PowerReg SchedulerV2.exe]
backup=C:\WINDOWS\pss\PowerReg SchedulerV2.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKey.exe]
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPATR10]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EVENTLISTENER]
C:\Program Files\Common Files\FotoNation\EvLstnr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundFusion]
RunDll32 cwaprops.cpl,CrystalControlWnd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TabletService"=2 (0x2)
"LxrSII1s"=2 (0x2)
"iPodService"=3 (0x3)
"Fax"=2 (0x2)
"EpsonBidirectionalService"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-07-24 12:10:44 ------------





ComboFix 08-07-23.5 - G BURKE 2008-07-24 11:20:36.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.76 [GMT -4:00]
Running from: C:\Documents and Settings\G BURKE\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\G BURKE\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM03b6925a.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\BHPqAcdd.ini
C:\WINDOWS\system32\BHPqAcdd.ini2
C:\WINDOWS\system32\bilkmwho.dll
C:\WINDOWS\system32\gnzeif.dll
C:\WINDOWS\system32\hepjllwh.ini
C:\WINDOWS\system32\hrfkgenc.ini
C:\WINDOWS\system32\hwlljpeh.dll
C:\WINDOWS\system32\kqcmcene.ini
C:\WINDOWS\system32\lhdmqd.dll
C:\WINDOWS\system32\llRBHkkj.ini
C:\WINDOWS\system32\llRBHkkj.ini2
C:\WINDOWS\system32\nieeobnx.dll
C:\WINDOWS\system32\nvnxix.dll
C:\WINDOWS\system32\psiwvfqu.dll
C:\WINDOWS\system32\ruxdcp.dll
C:\WINDOWS\system32\wnygrqvo.dll
C:\WINDOWS\system32\xidxwejq.ini
C:\WINDOWS\system32\XwFiQXbc.ini
C:\WINDOWS\system32\XwFiQXbc.ini2
C:\WINDOWS\system32\YxxHPXyb.ini
C:\WINDOWS\system32\YxxHPXyb.ini2
C:\WINDOWS\winhelp.ini

.
((((((((((((((((((((((((( Files Created from 2008-06-24 to 2008-07-24 )))))))))))))))))))))))))))))))
.

2008-07-22 13:17 . 2008-07-22 13:17 <DIR> d-------- C:\Deckard
2008-07-22 08:48 . 2008-07-22 08:48 <DIR> d-------- C:\WINDOWS\Sun
2008-07-22 08:46 . 2008-07-22 08:46 <DIR> d-------- C:\Program Files\Sun
2008-07-22 08:44 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-22 08:40 . 2008-07-22 08:44 <DIR> d-------- C:\Program Files\Java
2008-07-22 08:37 . 2008-07-22 08:37 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-22 07:55 . 2008-07-22 07:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-20 11:35 . 2008-07-20 11:35 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-20 11:35 . 2008-07-20 11:35 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-20 11:34 . 2008-07-20 11:34 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-20 10:56 . 2008-07-20 12:05 2,675 --a------ C:\WINDOWS\imsins.BAK
2008-07-20 09:56 . 2008-04-13 20:12 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll
2008-07-20 09:56 . 2008-04-13 20:12 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll
2008-07-20 09:56 . 2008-04-13 20:12 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
2008-07-20 09:56 . 2008-04-13 20:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-07-20 09:55 . 2008-04-13 20:12 290,304 --------- C:\WINDOWS\system32\rhttpaa.dll
2008-07-20 09:55 . 2008-04-13 20:12 61,952 --------- C:\WINDOWS\system32\rasqec.dll
2008-07-20 09:55 . 2008-04-13 20:12 53,248 --------- C:\WINDOWS\system32\tsgqec.dll
2008-07-20 09:55 . 2008-04-13 20:12 50,688 --------- C:\WINDOWS\system32\tspkg.dll
2008-07-20 09:55 . 2008-04-13 20:12 32,768 --------- C:\WINDOWS\system32\setupn.exe
2008-07-20 09:55 . 2008-04-13 14:40 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-07-20 09:53 . 2008-04-13 20:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-07-20 09:53 . 2008-04-13 20:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-07-20 09:53 . 2008-04-13 20:12 155,136 --------- C:\WINDOWS\system32\mssha.dll
2008-07-20 09:53 . 2008-04-13 20:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
2008-07-20 09:53 . 2008-04-13 14:14 76,800 --------- C:\WINDOWS\system32\msshavmsg.dll
2008-07-20 09:53 . 2008-04-13 20:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
2008-07-20 09:52 . 2008-04-13 20:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll
2008-07-20 09:52 . 2008-04-13 20:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll
2008-07-20 09:52 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
2008-07-20 09:52 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
2008-07-20 09:52 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
2008-07-20 09:52 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
2008-07-20 09:50 . 2008-04-13 20:11 650,752 --------- C:\WINDOWS\system32\dot3ui.dll
2008-07-20 09:49 . 2008-04-13 20:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-07-18 20:54 . 2008-07-18 20:54 <DIR> d-------- C:\VundoFix Backups
2008-07-17 16:27 . 2008-07-17 16:27 <DIR> d-------- C:\WTablet
2008-07-17 15:17 . 2008-07-17 15:17 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-16 21:35 . 2008-07-23 12:15 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-16 21:10 . 2008-07-24 10:00 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-16 21:10 . 2008-07-16 21:49 <DIR> d-------- C:\Documents and Settings\G BURKE\Application Data\AVGTOOLBAR
2008-07-16 21:10 . 2008-07-16 21:10 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-16 21:10 . 2008-07-16 21:10 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-16 21:10 . 2008-07-16 21:10 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-16 21:09 . 2008-07-16 21:09 <DIR> d-------- C:\Program Files\AVG
2008-07-16 21:09 . 2008-07-16 21:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-15 21:52 . 2008-07-16 20:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-15 21:15 . 2008-07-15 21:15 93 --a------ C:\WINDOWS\wininit.ini
2008-07-15 13:19 . 2008-07-19 16:48 110,424 --a------ C:\WINDOWS\BM03b6925a.xml
2008-07-11 14:38 . 2008-07-11 14:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-11 14:38 . 2008-07-11 14:38 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 22:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-17 19:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-17 19:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-17 18:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-17 00:13 --------- d-----w C:\Documents and Settings\G BURKE\Application Data\Lavasoft
2008-07-16 01:54 --------- d-----w C:\Program Files\Lavasoft
2008-07-15 01:15 --------- d-----w C:\Program Files\Tablet
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2006-01-03 13:04 714,752 ----a-w C:\Program Files\ExifRead.exe
2004-10-01 20:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2002-11-02 21:28 5,793,012 ----a-w C:\Program Files\photoedgedemo.exe
2002-10-28 16:38 14,362,098 ----a-w C:\Program Files\Rubric Builder.exe
2002-08-27 10:41 784 ----a-w C:\Documents and Settings\G BURKE\Application Data\mpauth.dat
2002-07-16 16:40 8,981,440 ----a-w C:\Program Files\ar505enu.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 23:40 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"EPSON Stylus Photo 2200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-07-01 03:05 74752]
"CeEPOWER"="C:\WINDOWS\System32\CePMTray.exe" [2001-12-18 05:41 81920]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-16 21:09 1232152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"AtiPTA"="atiptaxx.exe" [2001-12-21 11:58 307200 C:\WINDOWS\system32\atiptaxx.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 04:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ColorVisionStartup.lnk]
backup=C:\WINDOWS\pss\ColorVisionStartup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^G BURKE^Start Menu^Programs^Startup^Juice.lnk]
backup=C:\WINDOWS\pss\Juice.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^G BURKE^Start Menu^Programs^Startup^PowerReg SchedulerV2.exe]
backup=C:\WINDOWS\pss\PowerReg SchedulerV2.exeStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPATR10
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2001-10-19 08:46 118784 C:\Program Files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKey.exe]
--a------ 2002-01-17 22:19 73728 C:\Program Files\Toshiba\E-KEY\CeEKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EVENTLISTENER]
--a------ 2000-06-20 19:46 53248 C:\Program Files\Common Files\FotoNation\EvLstnr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2006-03-13 22:06 1397760 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2003-12-16 12:06 229376 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundFusion]
--a------ 2001-12-20 03:26 614912 C:\WINDOWS\system32\cwaprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TabletService"=2 (0x2)
"LxrSII1s"=2 (0x2)
"iPodService"=3 (0x3)
"Fax"=2 (0x2)
"EpsonBidirectionalService"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R0 sonyhcb;Sony Digital Imaging Base;C:\WINDOWS\system32\DRIVERS\sonyhcb.sys [2001-10-31 15:30]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-16 21:10]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-16 21:09]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-16 21:09]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-16 21:10]
R2 DPortIO;Dritek Port I/O Driver;C:\WINDOWS\system32\Drivers\DPortIO.sys [2001-04-12 04:04]
R2 LxrSII1d;Secure II Driver;C:\WINDOWS\system32\Drivers\LxrSII1d.sys [2005-05-19 15:48]
R3 LSWPCv4;Wireless-B Notebook Adapter Driver;C:\WINDOWS\system32\DRIVERS\rtl8180.sys [2003-09-30 22:54]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2006-02-14 17:18]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2006-11-15 15:55]
S3 cvspydr2;ColorVision Spyder 2;C:\WINDOWS\system32\DRIVERS\cvspydr2.sys [2002-04-02 16:30]
S3 HPUATA;HP CD Writer Plus Controller Driver;C:\WINDOWS\system32\DRIVERS\HPUATA.sys [2001-09-24 03:36]
S3 sonyhcs;Sony Digital Imaging Video;C:\WINDOWS\system32\DRIVERS\sonyhcs.sys [2001-10-31 15:31]
.
Contents of the 'Scheduled Tasks' folder
"2008-07-24 15:45:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{94B46BEE-7307-4DA5-8035-FA3FF807BEA2}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{108445B7-8800-4999-9601-DC7E37E067AF} - blank
BHO-{305270B5-D0AA-4B65-95A8-3E0C6532711B} - blank
BHO-{325A2501-EF1A-4728-A444-C8B39C594B20} - C:\WINDOWS\system32\ddcAqPHB.dll
BHO-{8EC3F816-F57C-4CDB-AE8A-2279693A9DCA} - C:\WINDOWS\system32\atmli.dll
BHO-{9C49B883-D61D-46E8-9BCF-34A7D92AFDD6} - blank
HKLM-Run-RegistryMechanic - (no file)
ShellExecuteHooks-{149813CF-AFC1-4AC2-A404-B8AA402F323A} - (no file)
MSConfigStartUp-0085a1c6 - C:\WINDOWS\system32\hwlljpeh.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.algonquinadventures.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-24 11:39:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-07-24 11:48:04 - machine was rebooted [G BURKE]
ComboFix-quarantined-files.txt 2008-07-24 15:47:48

Pre-Run: 2,138,144,768 bytes free
Post-Run: 2,106,982,400 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

240 --- E O F --- 2008-07-09 17:30:30

#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:07:26 PM

Posted 24 July 2008 - 12:39 PM

Please show hidden files and folders. Please visit HERE if you don't know how.


Please find and delete this file manually: C:\WINDOWS\BM03b6925a.xml



NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Please post the following logs in your next reply...

1. Malwarebytes'
2. a fresh DSS log (after Malwarebytes' step)
3. Tell me how your computer is doing.


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 burkg

burkg
  • Topic Starter

  • Members
  • 8 posts
  • Local time:08:56 AM

Posted 24 July 2008 - 07:06 PM

Here are the logs you requested. At this point I see no evidence of popups etc...

Thanks again for your time


burkg

Malwarebytes' Anti-Malware 1.23
Database version: 988
Windows 5.1.2600 Service Pack 3

7:38:35 PM 7/24/2008
mbam-log-7-24-2008 (19-38-35).txt

Scan type: Full Scan (C:\|)
Objects scanned: 118145
Time elapsed: 1 hour(s), 55 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Deckard's System Scanner v20071014.68
Run by G BURKE on 2008-07-24 19:44:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 255 MiB (512 MiB recommended).
System Drive C: has 1.98 GiB (less than 15%) free.


-- HijackThis (run as G BURKE.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:45:32 PM, on 7/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\G BURKE\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\GBURKE~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.algonquinadventures.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://lc2.law5.hotmail.passport.com/cgi-bin/login"); (C:\Program Files\Netscape\Users\User00\prefs.js)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo 2200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus Photo 2200" /O6 "USB001" /M "Stylus Photo 2200"
O4 - HKLM\..\Run: [CeEPOWER] C:\WINDOWS\System32\CePMTray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by22fd.bay22.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE2AF8E3-C2E2-4956-8A9D-70B248D91D3D}: NameServer = 207.164.234.129 207.164.234.193
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATM Service (ATMsrvc) - Adobe Systems Incorporated - C:\WINDOWS\System32\ATMsrvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 6646 bytes

-- Files created between 2008-06-24 and 2008-07-24 -----------------------------

2008-07-24 17:39:28 0 d-------- C:\Documents and Settings\G BURKE\Application Data\Malwarebytes
2008-07-24 17:39:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-24 17:39:11 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-24 11:29:27 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-07-24 11:14:33 0 d-------- C:\cmdcons
2008-07-24 11:11:00 68096 --a------ C:\WINDOWS\zip.exe
2008-07-24 11:11:00 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-24 11:11:00 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-24 11:11:00 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-24 11:11:00 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-24 11:11:00 98816 --a------ C:\WINDOWS\sed.exe
2008-07-24 11:11:00 80412 --a------ C:\WINDOWS\grep.exe
2008-07-24 11:11:00 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-22 08:48:47 0 d-------- C:\WINDOWS\Sun
2008-07-22 08:48:46 0 d-------- C:\Documents and Settings\G BURKE\Application Data\Sun
2008-07-22 08:46:19 0 d-------- C:\Program Files\Sun
2008-07-22 08:40:19 0 d-------- C:\Program Files\Java
2008-07-22 08:37:41 0 d-------- C:\Program Files\Common Files\Java
2008-07-22 07:55:54 0 d-------- C:\Program Files\Trend Micro
2008-07-20 12:18:02 0 d-------- C:\WINDOWS\Prefetch
2008-07-20 11:35:12 0 d-------- C:\WINDOWS\system32\scripting
2008-07-20 11:35:04 0 d-------- C:\WINDOWS\l2schemas
2008-07-20 11:34:59 0 d-------- C:\WINDOWS\system32\en
2008-07-18 20:54:31 0 d-------- C:\VundoFix Backups
2008-07-18 18:51:13 0 dr-h----- C:\Documents and Settings\G BURKE\Recent
2008-07-17 21:27:35 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2008-07-17 16:27:55 0 d-------- C:\WTablet
2008-07-17 15:17:09 0 d-------- C:\Program Files\Alwil Software
2008-07-16 21:35:31 0 d--h----- C:\$AVG8.VAULT$
2008-07-16 21:10:07 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-16 21:10:03 0 d-------- C:\Documents and Settings\G BURKE\Application Data\AVGTOOLBAR
2008-07-16 21:09:01 0 d-------- C:\Program Files\AVG
2008-07-16 21:09:00 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-15 21:52:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft


-- Find3M Report ---------------------------------------------------------------

2008-07-24 11:24:19 0 d-------- C:\Program Files\Common Files
2008-07-20 11:36:40 0 d-------- C:\Program Files\Messenger
2008-07-20 11:34:56 0 d-------- C:\Program Files\Movie Maker
2008-07-20 11:21:16 0 d-------- C:\Program Files\Windows NT
2008-07-17 15:15:03 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-17 15:13:40 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-17 14:10:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-16 20:13:40 0 d-------- C:\Documents and Settings\G BURKE\Application Data\Lavasoft
2008-07-15 21:54:19 0 d-------- C:\Program Files\Lavasoft
2008-07-14 21:15:50 0 d-------- C:\Program Files\Tablet


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/16/2008 09:09 PM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/16/2008 09:09 PM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"EPSON Stylus Photo 2200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [07/01/2002 03:05 AM]
"CeEPOWER"="C:\WINDOWS\System32\CePMTray.exe" [12/18/2001 05:41 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/16/2008 09:09 PM]
"AtiPTA"="atiptaxx.exe" [12/21/2001 11:58 AM C:\WINDOWS\system32\atiptaxx.exe]
"ATIModeChange"="Ati2mdxx.exe" [09/04/2001 04:24 AM C:\WINDOWS\system32\Ati2mdxx.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/15/2007 11:40 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ColorVisionStartup.lnk]
backup=C:\WINDOWS\pss\ColorVisionStartup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^G BURKE^Start Menu^Programs^Startup^Juice.lnk]
backup=C:\WINDOWS\pss\Juice.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^G BURKE^Start Menu^Programs^Startup^PowerReg SchedulerV2.exe]
backup=C:\WINDOWS\pss\PowerReg SchedulerV2.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKey.exe]
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPATR10]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EVENTLISTENER]
C:\Program Files\Common Files\FotoNation\EvLstnr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundFusion]
RunDll32 cwaprops.cpl,CrystalControlWnd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TabletService"=2 (0x2)
"LxrSII1s"=2 (0x2)
"iPodService"=3 (0x3)
"Fax"=2 (0x2)
"EpsonBidirectionalService"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-07-24 19:47:34 ------------

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:07:26 PM

Posted 24 July 2008 - 07:22 PM

Great.. Your log looks clean to my eyes...


Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
    Please note that the space between x and / is needed




NEXT


Please Install/Update Sun Java

Updating Java:
  • Go to Start --> Control Panel --> Add or Remove Programs.
  • Search in the list for all previously installed versions of Java. (J2SE Runtime Environment.... )
  • It should have this icon next to it: Posted Image
  • Select it and click Remove. This will uninstall the previous (outdated) version of Java.
  • Then Download and install the newest version from here: Java Runtime Environment (JRE) 6 Update 7



NEXT


I noticed you already have:

1. AVG8 as your antivirus
2. Malwarebytes' as your antispyware..

However, I also haven't seen any third-party firewall in your logs.. Do you have any? If you don't, please install ONLY ONE of these free and excellent firewalls below:
  • Comodo Firewall Pro
  • PC Tools Firewall Plus
    After you install the third party firewall, please disable your Windows firewall. Please go to My Computer >> Control Panel >> Windows Firewall and choose Off (not recommended) option. Then please click Apply and Ok.




Lastly, to keep your operating system up to date please visit the link below monthly
  • Microsoft Windows Update
To learn more about how to protect yourself while on the internet read this excellent article by Grinler: How did I get infected?, With steps so it does not happen again!

Please also read an excellent article by miekiemoes :Help! My computer is slow!

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread



Have a safe and happy computing day!


Regards
fenzodahl512



#9 burkg

burkg
  • Topic Starter

  • Members
  • 8 posts
  • Local time:08:56 AM

Posted 25 July 2008 - 05:14 PM

I very much appreciate your help and guidance in these issues.

Are the firewalls you recommend a better choice than the Windows firewall?

Can I replace my other scanning programs, Spybot S and D and Adaware, with Malwarebytes, or is this meant to complement the other applications?

Thanks again

burkg

#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:07:26 PM

Posted 25 July 2008 - 05:25 PM

I very much appreciate your help and guidance in these issues.

Are the firewalls you recommend a better choice than the Windows firewall?

Can I replace my other scanning programs, Spybot S and D and Adaware, with Malwarebytes, or is this meant to complement the other applications?

Thanks again

burkg


1. Yup.. it is a lot better than Windows Firewall. Just choose one only..

2. Yup.. I recommend you to just replace it with Malwarebytes..

Any more questions? Or can I close this thread?



#11 burkg

burkg
  • Topic Starter

  • Members
  • 8 posts
  • Local time:08:56 AM

Posted 25 July 2008 - 05:31 PM

I guess that's it... again thanks so much!!!

burkg

#12 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:07:26 PM

Posted 25 July 2008 - 05:49 PM

You are very welcome, I'm glad that we could help.

I will now close this topic. If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing !

fenzodahl512
